Effective risk communication for end users: A multi-granularity approach

Title: Effective risk communication for end users: A multi-granularity approach
Publication Type: Conference Paper
Year of Publication: 2015
Authors: J. Chen, C. S. Gates, Z. Jorgensen, W. Yang
Secondary Authors: A. Xiong, N. Li, T. Yu, R. W. Proctor
Conference Name: Women in CyberSecurity (WiCyS) Conference
Conference Location: Atlanta, Georgia
Keywords: A Human Information-Processing Analysis of Online Deception Detection, app selection, phishing, risk communication
Abstract

We proposed a multi-granularity approach to present risk information of mobile apps to the end users. Within this approach the highest level is a summary risk index, which allows quick and easy comparison among multiple apps that provide similar functionality. We have developed several types of risk index, such as text saying "High Risk" or a number of filled circles (Gates, Chen, Li, & Proctor, 2014). Through both online and in-lab studies, we found that when presented with the interface with the summary risk index, participants made more secure app-selection decisions. Subsequent research showed that framing of the summary risk information affects users' app-selection decisions, and positive framing in terms of safety has an advantage over negative framing in terms of risk (Chen, Gates, Li, & Proctor, 2014).

In addition to the summary risk index, some users may also want more detailed risk information for the apps. We have been developing an intermediate-level risk display that presents only the major risk categories. As a first step, we conducted user studies to have expert users identify the major risk categories (personal privacy, monetary loss, and device stability) and validate the categories on typical users (Jorgensen, Chen, Gates, Li, Proctor, & Yu, 2015). In a subsequent study, we are developing a graphical display to incorporate these risk categories into the current app interface and test its effectiveness.

This multi-granularity approach can be applied to risk communication in other contexts. For example, in the context of communicating the potential risk associated with phishing attacks, an effective warning should be designed to include both higher-level and lower-level risk information: higher-level index information about how likely an email message or website is to be a phishing one should be presented to users and inform them about the potential risk in an easy-to-comprehend manner; a more detailed explanation should also be available for users who want to know more about the warning and the index. We have completed a pilot study in this area and are initiating a full study to investigate the effectiveness of such an interface in preventing users from being phished successfully.

Citation Key: node-21114
Refereed Designation: Unknown

Other available formats:

WiCyS_poster_Chen.pdf