Abstract

The increasing use of information technology artifacts in daily life makes security a shared responsibility of both users and companies. In recent years, increasing a user's objective (i.e., actual) security knowledge and providing applications with more secure default settings have appeared among the most ubiquitous tools companies use to broaden their efforts to help users make more secure decisions. Examining both solutions matters because they are widely used, cost effective, and understood by many security practitioners. Additionally, default settings and users' objective knowledge provide anchors for decision-making. However, human errors and insecure default settings are increasing, raising further questions about the efficacy of such efforts. Using the theory of bounded rationality, we investigated the role of objective security knowledge, subjective (i.e., self-assessed) security knowledge, and the security level of default settings in overall decision security. We found that objective security knowledge can lead to secure decisions when paired with high subjective security knowledge. In the absence of the latter, objective security knowledge is unable to lead to better security decisions. Furthermore, subjective security knowledge reduces the extent to which users fully accept default security settings, thereby mitigating bias toward insecure default settings.
