Top

Published in:

2022 | OriginalPaper | Chapter

Security Mental Models and Personal Security Practices of Internet Users in Africa

Authors : Enock Samuel Mbewe, Josiah Chavula

Published in: e-Infrastructure and e-Services for Developing Countries

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Recent trends show an increase in risks for personal cyberattacks, in part due to an increase in remote work that has been imposed by worldwide Covid-19 lockdowns. These attacks have further exposed the inefficiencies of the paternalistic design of Internet security systems and security configuration frameworks. Prior research has shown that users often have inadequate Internet security and privacy mental models. However, little is known about the causes of flawed mental models. Using mixed methods over a period of nine months, we investigate Internet security mental models of users in Africa and the implications of these mental models on personal security practice. Consistent with prior research, we find inadequate Internet security mental models in self-reported expert and non-expert Internet users. In addition, our mental modelling and task analysis reveal that the flawed security practice does not only result from users’ negligence, but also from lack of sufficient Internet security knowledge. Our findings motivate for reinforcing users’ Internet security mental models through personalised security configuration frameworks to allow users, especially those with limited technical skills, to easily configure their desired security levels.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter On the Entropy of Written Afan Oromo

next chapter A Portfolio of Digital Platforms and Services for Digital Health Interventions, A Case in Masvingo Province, Zimbabwe

https://www.qsrinternational.com/nvivo-qualitative-data-analysis-software/home.

See https://blog.cloudflare.com/1111-warp-better-vpn/.

See https://adguard.com/en/adguard-android/overview.html.

See https://github.com/DNSCrypt/dnscrypt-proxy.

Abawajy, J.: User preference of cyber security awareness delivery methods. Behav. Inf. Technol. 33(3), 237–248 (2014). ISSN 0144-929X. https://doi.org/10.1080/0144929X.2012.708787

Acquisti, A., et al.: Nudges for privacy and security: understanding and assisting users’ choices online. ACM Comput. Surv. 50(3) (2017). ISSN 15577341. https://doi.org/10.1145/3054926

Alozie, N.O., Akpan-Obong, P.: The digital gender divide: confronting obstacles to women’s development in Africa. Dev. Policy Rev. 35(2), 137–160 (2017)CrossRef

Antonio, A., Tuffley, D.: The gender digital divide in developing countries. Future Internet 6(4), 673–687 (2014)CrossRef

Asgharpour, F., Liu, D., Camp, L.J.: Mental models of security risks. In: Dietrich, S., Dhamija, R. (eds.) FC 2007. LNCS, vol. 4886, pp. 367–377. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-77366-5_34CrossRef

Bernardini, S.: Think-aloud protocols in translation research: achievements, limits, future prospects. Target. Int. J. Transl. Stud. 13(2), 241–263 (2001)CrossRef

Bravo-Lillo, C., Cranor, L.F., Downs, J., Komanduri, S.: Bridging the gap in computer security warnings: a mental model approach. IEEE Secur. Privacy 9(2), 18–26 (2010)CrossRef

Camerer, C., Issacharoff, S., Loewenstein, G., O’donoghue, T., Rabin, M.: Regulation for conservatives: behavioral economics and the case for “asymmetric paternalism”. Univ. Pa. Law Rev. 151(3), 1211–1254 (2003)

Craik, K.J.W.: The Nature of Explanation, vol. 445. CUP Archive (1952)

10.

Cranor, L.F.: A framework for reasoning about the human in the loop. In: Usability, Psychology, and Security, UPSEC 2008 (2008)

11.

Lorrie Faith Cranor and Norbou Buchler: Better together: usability and security go hand in hand. IEEE Secur. Priv. 12(6), 89–93 (2014)CrossRef

12.

Cranor, L.F., Garfinkel, S.: Security and Usability: Designing Secure Systems that People Can Use. O’Reilly Media, Inc., Sebastopol (2005)

13.

Dodd-McCue, D., Tartaglia, A.: Self-report response bias: learning how to live with its diagnosis in chaplaincy research. Chaplain. Today 26(1), 2–8 (2010)CrossRef

14.

Edwards, W.K., Poole, E.S., Stoll, J.: Security automation considered harmful? In: Proceedings of the 2007 Workshop on New Security Paradigms, pp. 33–42 (2008)

15.

Fagan, M., Khan, M.M.H.: Why do they do what they do?: a study of what motivates users to (not) follow computer security advice. In: Twelfth Symposium on Usable Privacy and Security (SOUPS 2016), Denver, CO, June 2016, pp. 59–75. USENIX Association (2016). ISBN 978-1-931971-31-7. https://www.usenix.org/conference/soups2016/technical-sessions/presentation/fagan

16.

Flechais, I., Riegelsberger, J., Sasse, M.A.: Divide and conquer: the role of trust and assurance in the design of secure socio-technical systems. In: Proceedings of the 2005 Workshop on New Security Paradigms, pp. 33–41 (2005)

17.

Gentner, D., Stevens, A.L.: Mental Models. Psychology Press, Abingdon (2014)CrossRef

18.

Nina Gerber, Paul Gerber, and Melanie Volkamer. Explaining the privacy paradox: a systematic review of literature investigating privacy attitude and behavior. Comput. Secur. 77, 226–261 (2018). ISSN 01674048

19.

Pelle Guldborg Hansen: The definition of nudge and libertarian paternalism: does the hand fit the glove? Eur. J. Risk Regul. 7(1), 155–174 (2016)CrossRef

20.

Ion, I., Reeder, R., Consolvo, S.: “...No one can hack my mind”: comparing expert and non-expert security practices. In: SOUPS 2015 - Proceedings of the 11th Symposium on Usable Privacy and Security, pp. 327–346 (2019)

21.

Jääskeläinen, R.: Think-aloud protocol. In: Handbook of Translation Studies, vol. 1, pp. 371–374 (2010)

22.

Jackson, L.A., Zhao, Y., Kolenic III, A., Fitzgerald, H.E., Harold, R., Eye, A.V.: Race, gender, and information technology use: the new digital divide. CyberPsychology Behav. 11(4), 437–442 (2008)

23.

Kang, R., Dabbish, L., Fruchter, N., Kiesler, S.: My data just goes everywhere: user mental models of the internet and implications for privacy and security. In: SOUPS 2015 - Proceedings of the 11th Symposium on Usable Privacy and Security, pp. 39–52 (2016). ISBN 9781931971249

24.

Keus, K., Gast, T.: Configuration management in security related software engineering processes. Bundesamtfür Sicherheit in der Informationstechnik Postfach 20, 03–63 (1996)

25.

Krombholz, K., Busse, K., Pfeffer, K., Smith, M., Zezschwitz, E.V.: If HTTPS were secure, I wouldn’t need 2FA - end user and administrator mental models of HTTPS. In: Proceedings - IEEE Symposium on Security and Privacy, pp. 246–263 (2019). ISSN 10816011. https://doi.org/10.1109/SP.2019.00060

26.

Kurtz, G.: Sophos 2021 threat report: navigating cybersecurity in an uncertain world (2021). https://www.sophos.com/en-us/medialibrary/pdfs/technical-papers/sophos-2021-threat-report.pdf. Accessed 24 Feb 2021

27.

Leonard, T.C.: Richard H. Thaler, Cass R. Sunstein, nudge: improving decisions about health, wealth, and happiness. Const. Polit. Econ. 19, 356–360 (2008)

28.

Lin, J., Sadeh, N., Amini, S., Lindqvist, J., Hong, J.I., Zhang, J.: Expectation and purpose, p. 501 (2012). https://doi.org/10.1145/2370216.2370290

29.

Mai, A., Pfeffer, K., Gusenbauer, M., Weippl, E., Krombholz, K.: User mental models of cryptocurrency systems - a grounded theory approach. In: Proceedings of the 16th Symposium on Usable Privacy and Security, SOUPS 2020, pp. 341–358 (2020)

30.

Milne, B., Griffiths, A., Clarke, C., Dando, C.: The cognitive interview. In: Evidence-Based Investigative Interviewing, pp. 56–73 (2019). https://doi.org/10.4324/9781315160276-4

31.

Norman, D.: The Design of Everyday Things: Revised and Expanded Edition. Basic Books, New York (2013)

32.

Renaud, K., Volkamer, M., Renkema-Padmos, A.: Why doesn’t Jane protect her privacy? In: De Cristofaro, E., Murdoch, S.J. (eds.) PETS 2014. LNCS, vol. 8555, pp. 244–262. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-08506-7_13CrossRef

33.

Sasse, M., Flechais, I.: Usable security: why do we need it? how do we get it? (2005)

34.

Schneier, B.: Beyond Fear: Thinking Sensibly About Security in an Uncertain World. Springer Science & Business Media, Berlin (2006). https://doi.org/10.1007/b97547

35.

Sharma, K., Zhan, X., Nah, F.F.-H., Siau, K., Cheng, M.X.: Impact of digital nudging on information security behavior: an experimental study on framing and priming in cybersecurity. Organ. Cybersecur. J.: Pract. Process People (2021). ISSN 2635–0270. https://doi.org/10.1108/ocj-03-2021-0009

36.

Sobers, R.: 134 cybersecurity statistics and trends for 2021 (2021). https://www.varonis.com/blog/cybersecurity-statistics/. Accessed 15 Feb 2021

37.

Ur, B., Bees, J., Segreti, S.M., Bauer, L., Christin, N., Cranor, L.F.: Do users’ perceptions of password security match reality? In: Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems, pp. 3748–3760 (2016)

38.

Wash, R., Rader, E.: Influencing mental models of security: a research agenda. In: Proceedings New Security Paradigms Workshop (2011). https://doi.org/10.1145/2073276.2073283

39.

Wash, R., Rader, E.: Too much knowledge? Security beliefs and protective behaviors among United States internet users. In: SOUPS 2015 - Proceedings of the 11th Symposium on Usable Privacy and Security, pp. 309–325 (2019)

40.

Wash, R., Rader, E., Fennell, C.: Can people self-report security accurately? agreement between self-report and behavioral measures. In: Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems, pp. 2228–2232 (2017)

41.

Whitten, A., Tygar, J.D.: Usability of security : a case study. Computer Science, no. 102590, pp. 1–41 (1998)

Title: Security Mental Models and Personal Security Practices of Internet Users in Africa
Authors: Enock Samuel Mbewe
Josiah Chavula
Publisher: Springer International Publishing
Book: e-Infrastructure and e-Services for Developing Countries
Print ISBN: 978-3-031-06373-2

Electronic ISBN: 978-3-031-06374-9

Copyright Year: 2022
DOI: https://doi.org/10.1007/978-3-031-06374-9_4

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner