
Valuing Information Security from a Phishing Attack

  • Conference paper
Advances in Human Factors in Cybersecurity (AHFE 2017)

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 593)

Abstract

In most cyber security contexts, users need to make trade-offs for information security. This research examined this issue by quantifying the relative value of information security within a value system that comprises multiple conflicting objectives. Using this quantification as a platform, this research also examined the effect of different usage contexts on information security concern. Users were asked to indicate how much loss in productivity and time, and how much more money, they were willing to incur to acquire an effective phishing filter. The results indicated that users prioritize productivity and time over information security, while there was much more heterogeneity in the concern about cost. The value of information security did not differ significantly across usage contexts. The relative value of information security was found to be predictive of self-reported online security behaviors. These results offer valuable implications for the design of a more usable information security system.


Notes

  1. We could continue the elicitation beyond three choices, but this was deemed unnecessary as the purpose of the study was to bound the premiums. In addition, having up to three trials already allows us to specify fifteen (small) ranges of the premiums that users were willing to exchange for a higher level of information security (see the Appendix for more details).


Correspondence to Kenneth D. Nguyen.

Copyright information

© 2018 Springer International Publishing AG

About this paper

Cite this paper

Nguyen, K.D., Rosoff, H., John, R.S. (2018). Valuing Information Security from a Phishing Attack. In: Nicholson, D. (eds) Advances in Human Factors in Cybersecurity. AHFE 2017. Advances in Intelligent Systems and Computing, vol 593. Springer, Cham. https://doi.org/10.1007/978-3-319-60585-2_15

  • DOI: https://doi.org/10.1007/978-3-319-60585-2_15

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-60584-5

  • Online ISBN: 978-3-319-60585-2

  • eBook Packages: Engineering (R0)
