Basing Cybersecurity Training on User Perceptions

Published: April 02, 2012


Susanne M. Furman, Mary F. Theofanos, Yee-Yin Choong, Brian C. Stanton


The National Initiative for Cybersecurity Education (NICE) will be conducting a nationwide awareness and outreach program to effect behavioral change. To be effective, an educational campaign must first understand users’ perceptions of computer and online security. Our research objective was to understand user’s current knowledge base, awareness, and skills. We investigated their understanding of online security by conducting in-depth interviews with the goal of identifying existing correct perceptions, myths, and potential misperceptions. Our findings indicate that the participants were primarily aware of and concerned with online and computer security. However, the participants lacked a complete skill set to protect their computer systems, identities and information online. Providing a skill set that allows them to develop complete mental models will help them to correctly anticipate and adapt the appropriate behaviors when approaching online security. Future research should identify the skills that will assist users to build the appropriate cybersecurity mental models.
Citation: IEEE Security & Privacy
Volume: 10
Issue: 2
Pub Type: Journals


"online user perceptions" "cybersecurity" "mental models" "computer security"
Created April 02, 2012, Updated February 19, 2017