![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
Consumer psych and network security
Aug. 1st, 2018 12:20 pmupd: reddit users just learned that the service got hacked a month and a half ago. https://amp.reddit.com/r/announcements/comments/93qnm5/we_had_a_security_incident_heres_what_you_need_to/
Another important difference between traditional and network technologies is consumers' low ex ante perception of risk combined with delayed (if ever!) consequences of a breach episode. Awareness is limited, while feedback loops are either weak or non–existent.
related: https://www.nytimes.com/2018/08/01/technology/data-breaches.html
Another important difference between traditional and network technologies is consumers' low ex ante perception of risk combined with delayed (if ever!) consequences of a breach episode. Awareness is limited, while feedback loops are either weak or non–existent.
This indicates that researchers who wish to measure information security risk perceptions should consider using an EEG measure of risk because of its superior predictive power. It also suggests that other NeuroIS methods may be similarly effective in predicting information security behavior because of their ability to avoid measurement biases.
With this study, we show that participants’ EEG P300 amplitudes in response to losses in a risk-taking
experimental task strongly predicted security warning disregard in a subsequent and unrelated
computing task using participants’ own laptop computers. By comparison, self-reported measures of
information security risk did not predict security warning disregard. However, after secretly simulating
a malware incident on the participants’ own laptops, post-test measures of information security risk
perception did predict participants’ security warning disregard after a security incident.
https://neurosecurity.byu.edu/media/Vance_2014_JAIS.pdf
related: https://www.nytimes.com/2018/08/01/technology/data-breaches.html
