1 / 16

User Security Behavior

User Security Behavior Denise Anthony PKI Unlocked Summit Dartmouth College July 2004 Computer Networks Collective resource systems Produced and maintained by multiple actors; Individual behavior effects integrity of system virus exposure unauthorized access

Albert_Lan
Télécharger la présentation

User Security Behavior

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. User Security Behavior Denise Anthony PKI Unlocked Summit Dartmouth College July 2004

  2. Computer Networks Collective resource systems • Produced and maintained by multiple actors; • Individual behavior effects integrity of system • virus exposure • unauthorized access Feels like consuming a private good

  3. User surveys Dartmouth students: • April 2003: Computer use and security behavior • Representative sample of 171 undergrads • Method: on-line survey • November 2003: Use of Wireless and Wired networks • Total of 247 undergraduate and graduate students • Method: paper survey • Conducted by student Emiliano Trere from University of Bologna in Italy • 20 in-depth interviews Nationally representative data from UCLA Center for Communication Policy www.ccp.ucla.edu

  4. Dartmouth Students

  5. Basic Use Statistics • 99% use email daily • ~95% use home-grown Blitzmail program • Primary medium of communication on campus • 70% browse the Web at least 1 hour/day • 67% P2P file-sharing in average week • 90% purchased on-line in last 6 months • 78% use both wired and wireless networks • Over 2/3 use wireless on almost daily basis • 22% no wireless: lack of technology, seniors

  6. Virus Protection • 87% have anti-virus software loaded on their computer • 2/3 of them scan for viruses at least once per month • About 40% up-date their anti-virus software at least once per month

  7. Password Security • 75% have shared their password • Over 50% did NOT change it afterward • Nearly two-thirds never change password • 36% use same password for all apps/sites • all websites that require password • no distinction between secure (SSL) and non-secure websites

  8. Behavior across networks

  9. Security Concerns • About half concerned about PRIVACY on WWW • More than half concerned about SECURITY of information on WWW

  10. Web security?How do users think about website security?Implicit trust and experience “If [a website] mention[s] they are secure…I usually trust it.” “I don’t really think about it, but when the windows pop up saying I should do something, I always say yes.” “All the websites I use are secure, and everyone else is doing it [without] a problem.”

  11. Web securityHow do users think about website security?Use brand name sites - reputation “I just order from Amazon and places like that.” “I use it if it is an official site of a major company.” “I would never order stuff off a website that looks like its program could change…you know, a crappy website.” “I trust Norton to do it for me.”

  12. Security Behavior OnlineHow often check browser security signals when submitting sensitive information?

  13. Security Features Used

  14. Link between concern and behavior

  15. How concerned are users? 2002 National data (UCLA): 54% very/extremely concerned about privacy when purchasing online 11.2% not at all (up from 5.5%) Non-purchasers (58%) more concerned than purchasers (33%) New users (65%) more concerned than experienced users (47%) Methods to reduce concerns: 23% Nothing! 6% better technology 27% guarantee/3rd party verification/Gov regulation

  16. Implications • Not evaluating security of websites • Don’t use security signals • Don’t know what to look for • Engage in un-secure behavior • Users already ‘trust’ infrastructure • Rely on reputation of company • Expectation that technology is secure • Want ‘assurance’ that system works • Third party incentives/regulation of security

More Related