Abstract
The mental models method is a mechanism for risk communication that was pioneered in environmental risk communication, and is being used to improve medical risk communication. This paper proposes that mental models as a method of risk communication can be used to improve communication to end users about computer security risks. In fact, there exist at least five mental models that are currently being used to communicate in an atheoretical, and thus arguably suboptimal, manner. Understanding why mental models is sometimes preferable to direct quantifiable risk information requires an introduction to risk perception. There are well-known heuristics of individual risk perception, validated by decades of experimental economics. Thus this work begins with an introduction to risk perception. Then, an introduction to mental models and some familiarity with computer security brings to the fore a set of mental models that are applicable to and already implied in computer security. Each of these models is discussed as being (in)appropriate to computer security. Consistent communication using already extant (but inchoate) mental models is a promising method of risk communication for computer security. Yet continuing to use the mental models as metaphors has risks of its own.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
