End User and Expert Perceptions of Threats and Potential Countermeasures
Title | End User and Expert Perceptions of Threats and Potential Countermeasures |
Publication Type | Conference Paper |
Year of Publication | 2020 |
Authors | Anell, S., Gröber, L., Krombholz, K. |
Conference Name | 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) |
Date Published | Sept. 2020 |
Publisher | IEEE |
ISBN Number | 978-1-7281-8597-2 |
Keywords | Biological system modeling, Cognitive science, computer network security, conducted semistructured interviews, data privacy, end user perceptions, expert perceptions, expert systems, Guidelines, human factors, inductive research approach, Internet, Interviews, large-scale adoption, mental models, potential countermeasures, privacy, privacy technology, pubcrawl, Scalability, security, security expert perceptions, security technology, technical countermeasures, threat models, threats countermeasures, trust-based defensive methods, Usable Security and Privacy |
Abstract | Experts often design security and privacy technology with specific use cases and threat models in mind. In practice however, end users are not aware of these threats and potential countermeasures. Furthermore, misconceptions about the benefits and limitations of security and privacy technology inhibit large-scale adoption by end users. In this paper, we address this challenge and contribute a qualitative study on end users' and security experts' perceptions of threat models and potential countermeasures. We follow an inductive research approach to explore perceptions and mental models of both security experts and end users. We conducted semi-structured interviews with 8 security experts and 13 end users. Our results suggest that in contrast to security experts, end users neglect acquaintances and friends as attackers in their threat models. Our findings highlight that experts value technical countermeasures whereas end users try to implement trust-based defensive methods. |
URL | https://ieeexplore.ieee.org/document/9229666 |
DOI | 10.1109/EuroSPW51379.2020.00038 |
Citation Key | anell_end_2020 |