

Title: How do non experts think about cyber attack consequences?
Purpose: Nonexperts do not always follow the advice in cybersecurity warning messages. To increase compliance, it is recommended that warning messages use nontechnical language, describe how the cyberattack will affect the user personally and do so in a way that aligns with how the user thinks about cyberattacks. Implementing those recommendations requires an understanding of how nonexperts think about cyberattack consequences. Unfortunately, research has yet to reveal nonexperts’ thinking about cyberattack consequences. Toward that end, the purpose of this study was to examine how nonexperts think about cyberattack consequences.

Design/methodology/approach: Nonexperts sorted cyberattack consequences based on perceived similarity and labeled each group based on the reason those grouped consequences were perceived to be similar. Participants’ labels were analyzed to understand the general themes and the specific features that are present in nonexperts’ thinking.

Findings: The results suggested participants mainly thought about cyberattack consequences in terms of what the attacker is doing and what will be affected. Further, the results suggested participants thought about certain aspects of the consequences in concrete terms and other aspects of the consequences in general terms.

Originality/value: This research illuminates how nonexperts think about cyberattack consequences. This paper also reveals what aspects of nonexperts’ thinking are more or less concrete and identifies specific terminology that can be used to describe aspects that fall into each case. Such information allows one to align warning messages to nonexperts’ thinking in more nuanced ways than would otherwise be possible.
Award ID(s): 1564293
PAR ID: 10350824
Journal Name: Information & Computer Security
ISSN: 2056-4961
Format(s): Medium: X
Sponsoring Org: National Science Foundation
More Like this
  1. To combat phishing, system messages warn users of suspected phishing attacks. However, users do not always comply with warning messages. One reason for non-compliance is that warning messages contradict how users think about phishing threats. To increase compliance, warning messages should align with user perceptions of phishing threat risks. How users think about phishing threats is not yet known. To identify how users perceive phishing threats, participants were surveyed about their perceptions of the severity and likelihood of 9 phishing consequences. Results revealed perceived severity and likelihood levels for each consequence, as well as relative differences between consequences. Concrete examples of warning messages that reflect these findings are provided. 
  2. Modern vehicles are embedded with numerous electronic components, making them more advanced and automated, while also making them vulnerable to cyberattacks. This study investigated how drivers respond to unexpected, cyber-attack-induced situations through a driving simulator study. It also examined differences in driver responses if they were trained or received warning messages on how to mitigate the effect of a vehicle cyberattack. The findings suggest that drivers' responses to cyberattacks vary based on the severity of the event. Those who receive training are much more likely to drive cautiously when the vehicle behaves unexpectedly and those who receive warning messages are likely to view them, but not necessarily take action. These results have far-reaching implications into the utility of training programs in improving driver behavior and leave future work in terms of optimizing warning message systems.
  3. ASEE (Ed.)
    The purpose of this study was to measure the neurocognitive effects of think aloud when engineering students were designing. Thinking aloud is a commonly applied protocol in engineering design education research. The process involves students verbalizing what they are thinking as they perform a task. Students are asked to say what comes into their mind. This often includes what they are looking at, thinking, doing, and feeling. It provides insight into the student’s mental state and their cognitive processes when developing design ideas. Think aloud provides a richer understanding about how, what and why students design compared to solely evaluating their final product or performance. The results show that Ericsson and Simon's claim that there is no interference due to think-aloud is not supported by this study and more research is required to untangle the effect of think-aloud.
  4. The introduction of advanced technologies has made driving a more automated activity. However, most vehicles are not designed with cybersecurity considerations and hence, they are susceptible to cyberattacks. When such incidents happen, it is critical for drivers to respond properly. The goal of this study was to observe drivers’ responses to unexpected vehicle cyberattacks while driving in a simulated environment and to gain deeper insights into their perceptions of vehicle cybersecurity. Ten participants completed the experiment and the results showed that they perceived and responded differently to each vehicle cyberattack. Participants correctly identified the cybersecurity issue and took action accordingly when the issue caused a noticeable visual and auditory response. Participants preferred to be clearly informed about what happened and what to do through a combination of visual, tactile, and auditory warnings. The lack of knowledge of vehicle cybersecurity was obvious among participants.
  5. While much is known about teacher learning of nature of science (NOS) concepts, less is known about how teachers develop an understanding of how to effectively teach NOS or how instructional views might differ across levels of the Family Resemblance Approach (FRA) wheel. Therefore, this study investigated the NOS instructional views related to different levels of the FRA wheel of preservice secondary science teachers as they completed a semester-long NOS course. At four times during the semester, data was collected through written documents and interviews about NOS instructional views. Participant NOS instructional views were evaluated in terms of three aspects of NOS teaching: explicit, reflective, and role of context (McComas et al., 2020). In terms of the explicit and reflective components of NOS instruction, participants generally progressed from utilizing inaccurate representations of NOS to inclusion of accurate implicit messages, and finally to explicit reflective instruction often mimicking course activities. As the semester progressed, their questioning also moved toward targeting more specific NOS aspects. As far as the role of context, participants moved from treating NOS as its own topic to a more embedded approach. Other findings include that preservice teachers tended to use more abstract and contextualized activities for social institutional aspects of NOS as opposed to concrete and moderately contextualized activities for cognitive-epistemic NOS. Features of the NOS course may account for some aspects of the learning progressions observed. 