Abstract
In most cyber security contexts, users need to make trade-offs for information security. This research examined this issue by quantifying the relative value of information security within a value system that comprises multiple conflicting objectives. Using this quantification as a platform, this research also examined the effect of different usage contexts on information security concern. Users were asked to indicate how much loss in productivity and time, and how much more money, they were willing to incur to acquire an effective phishing filter. The results indicated that users prioritize productivity and time over information security, while there was much more heterogeneity in the concern about cost. The value of information security did not differ significantly across usage contexts. The relative value of information security was found to be predictive of self-reported online security behaviors. These results offer valuable implications for the design of a more usable information security system.
Notes
1. We could continue the elicitation beyond three choices, but this was deemed unnecessary as the purpose of the study was to bound the premiums. In addition, having up to three trials already allows us to specify fifteen (small) ranges of the premiums that users were willing to exchange for a higher level of information security (see the Appendix for more details).
Copyright information
© 2018 Springer International Publishing AG
About this paper
Cite this paper
Nguyen, K.D., Rosoff, H., John, R.S. (2018). Valuing Information Security from a Phishing Attack. In: Nicholson, D. (eds) Advances in Human Factors in Cybersecurity. AHFE 2017. Advances in Intelligent Systems and Computing, vol 593. Springer, Cham. https://doi.org/10.1007/978-3-319-60585-2_15
DOI: https://doi.org/10.1007/978-3-319-60585-2_15
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-60584-5
Online ISBN: 978-3-319-60585-2
eBook Packages: Engineering, Engineering (R0)