Abstract
Security warnings are critical to help users make contextual security decisions. Unfortunately, users find these warnings hard to understand, and they routinely expose themselves to unintended risks as a result. Although it is straightforward to determine when users fail to understand a warning, it is more difficult to pinpoint why this happens. The goal of this research is to use eye tracking and fMRI to step through the building blocks of comprehension—attention, semantics, syntax, and pragmatics—for SSL and other common security warnings. Through this process, we will identify ways to design security warnings to be more easily understood.
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Vance, A., Jenkins, J.L., Anderson, B.B., Brock Kirwan, C., Bjornn, D. (2019). Improving Security Behavior Through Better Security Message Comprehension: fMRI and Eye-Tracking Insights. In: Davis, F., Riedl, R., vom Brocke, J., Léger, PM., Randolph, A. (eds) Information Systems and Neuroscience. Lecture Notes in Information Systems and Organisation, vol 29. Springer, Cham. https://doi.org/10.1007/978-3-030-01087-4_2
DOI: https://doi.org/10.1007/978-3-030-01087-4_2
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-01086-7
Online ISBN: 978-3-030-01087-4
eBook Packages: Business and Management, Business and Management (R0)