Location
Online
Event Website
https://hicss.hawaii.edu/
Start Date
3-1-2022 12:00 AM
End Date
7-1-2022 12:00 AM
Description
Inadvertent human errors (e.g., clicking on phishing emails or falling for a spoofed website) have been the primary cause of security breaches in recent years. To understand the root cause of these errors and examine practical solutions for users to overcome them, we applied the theory of bounded rationality and explored the role of heuristics (i.e., short mental processes) in security decision making. Interviews with 27 participants revealed that users rely on various heuristics to simplify their decision making in the information security context. Specifically, users rely on experts’ comments (i.e., expertise heuristic), information at hand, such as recent events (i.e., availability heuristic), and security-representative visual cues (i.e., representativeness heuristic). Findings also showed the use of other heuristics, including affect, brand, and anchoring, to a lesser degree. The results have practical and theoretical significance. In particular, they extend the literature by integrating bounded rationality concepts and elaborating “how” users simplify their security decision making by relying on cognitive heuristics.
The Role of Heuristics in Information Security Decision Making
Online
Inadvertent human errors (e.g., clicking on phishing emails or falling for a spoofed website) have been the primary cause of security breaches in recent years. To understand the root cause of these errors and examine practical solutions for users to overcome them, we applied the theory of bounded rationality and explored the role of heuristics (i.e., short mental processes) in security decision making. Interviews with 27 participants revealed that users rely on various heuristics to simplify their decision making in the information security context. Specifically, users rely on experts’ comments (i.e., expertise heuristic), information at hand, such as recent events (i.e., availability heuristic), and security-representative visual cues (i.e., representativeness heuristic). Findings also showed the use of other heuristics, including affect, brand, and anchoring, to a lesser degree. The results have practical and theoretical significance. In particular, they extend the literature by integrating bounded rationality concepts and elaborating “how” users simplify their security decision making by relying on cognitive heuristics.
https://aisel.aisnet.org/hicss-55/in/behavioral_is_security/5