Keywords: Security Engineering and Design, Privacy,
2016
Using Individual Differences to Tailor Security Mitigations
Serge Egelman, Research Director, International Computer Science Institute, UC BerkeleyEyal Pe'er, Senior Lecturer, Graduate School of Business Administration, Bar-Ilan University
While the burgeoning field of usable security has made security mechanisms more usable by humans in general, prior research invariably has come up short in that not all humans respond the same to stimuli or have the same preferences. Our goal is to examine the ways in which security mitigations can be tailored to individuals, and how this is likely to result in even greater security compliance than what has been previously achieved through user-centric design. While previous work shows that individual differences are predictive of privacy and security attitudes, further research is needed to explore the myriad ways in which this can be applied. Our research agenda will center around reframing security mitigation designs so that they are targeted at the decision-making dimensions that we previously found to be predictive of computer security attitudes. This will include iterative human-subjects experimentation to evaluate whether targeted mitigations result in greater compliance.