The perception of security in selected contexts

Abstract

The perception of security has a strong impact on a person's choice of and interaction with security technology, especially within the context of Usable Security and Privacy research. This thesis sheds light on how people perceive security in their everyday lives through five studies embedded in selected contexts. <br /> The individual narrative of security and its implications on work culture in IT security departments is examined and revealed that consciously shaping the narrative provides a powerful tool in the management of security workers. <br /> Mental models of encryption are investigated both in administrators and non-expert participants. Resulting meta models reveal the extent to which people can be confronted with technical details when dealing with secure systems. A replication of a study on security practices and advice is presented, highlighting fruitful improvements in Usable Security research and practice within the last years, and at the same time pointing to areas of action where secure technology still needs to improve before non-expert users can adopt it effortlessly. Security and privacy habits in payment and banking are investigated across four countries, revealing culturally-specific differences in security perception and credential management behavior. Last but not least, the effect of incentives on adopting secure technology and user perceptions of two-factor authentication are investigated to reveal the differentiation and evaluation process when selecting security measures. <br /> Thus, this thesis contributes to a broader understanding of the human factor within the context of security by showing how mental models and personal influences shape the perception of security and influence the general awareness of relevant threats and corresponding measures. It furthermore highlights that mistrust and negative impressions are powerful inhibitors in the context of perception.