Security Fatigue

Stanton, Brian; Theofanos, Mary F.; Prettyman, Sandra Spickard; Furman, Susanne M.

doi:10.1109/mitp.2016.84

Cited by 87 publications

(59 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Lack of planning only increases as these symptoms of security fatigue increases. Lack of planning, as we have noted, leads to more reactive decisions, leading to more security fatigue and so on [34].…”

Section: Discussionmentioning

confidence: 89%

“…Analysis of the relationship amongst these codes shows the ways in which they work together to either provide protection while online or not. Perhaps most important is the way in which the beliefs (Trust Too Much) and behaviors (No Plans) of non-experts result in the need for reaction which contributes to security fatigue [34]. The relationships amongst these codes are depicted by the behavioral model in Figure 1.…”

Section: Discussionmentioning

confidence: 99%

“…In particular, we were interested in identifying what characteristics influenced their attitudes and behaviors. From our previous studies of the general public's security practices [16] [28] [34], it became clear that it was necessary to expand our investigations beyond non-experts. To this end, we conducted in-depth interviews with both security experts and non-experts.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Be Prepared: How US Government Experts Think About Cybersecurity

Theofanos¹,

Stanton²,

Furman³

et al. 2017

Proceedings 2017 Workshop on Usable Security

Self Cite

View full text Add to dashboard Cite

Online security experiences, perceptions, and behaviors are key to understanding users security practices. Users express that they are concerned about online security, but they also express frustration in navigating the often confusing and mentally taxing cybersecurity world. This paper examines the differences in cybersecurity perception and behavior between cybersecurity experts in the US Government as contrasted with non-experts. The experts represent a very select group within United States Government Agencies who are directly responsible for cybersecurity guidance for the Federal Government. We used a semi-structured interview protocol to collect data from 23 experts and 21 non-experts. Interview questions addressed experiences, beliefs, and behaviors with respect to online security. Qualitative data techniques were used to code and analyze the data identifying themes related to the similarities and differences in expert and non-expert perceptions of and experiences with cybersecurity. The experts as a group don't trust, develop plans and are proactive in their approach to online security and see security as a personal challenge rather than a risky and potentially disrupting experience. In contrast, our non-experts trust too much, don't develop plans, and experience security with anxiety and fear. Permission to freely reproduce all or part of this paper for noncommercial purposes is granted provided that copies bear this notice and the full citation on the first page. Reproduction for commercial purposes is strictly prohibited without the prior written consent of the Internet Society, the first-named author (for reproduction of an entire paper only), and the author's employer if the paper was prepared within the scope of employment.

show abstract

Section: Discussionmentioning

confidence: 89%

Section: Discussionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Be Prepared: How US Government Experts Think About Cybersecurity

Theofanos¹,

Stanton²,

Furman³

et al. 2017

Proceedings 2017 Workshop on Usable Security

Self Cite

View full text Add to dashboard Cite

show abstract

“…From a cybersecurity chain perspective, the real problems are: (i) insecure use, which leads to many security updates, and (ii) intentional misuse, which leads to continuous security patches. Both problems are user-centered; the insecure use results from security fatigue and user ignorance of security best practice, while the intentional misuse results from security-deficient systems and human desire to violate software or hardware under their control [9], [10].…”

Section: Introductionmentioning

confidence: 99%

Novel approach for cybersecurity workforce development: A course in secure design

Sharevski

Trowbridge

Westbrook

2018

2018 IEEE Integrated STEM Education Conference (ISEC)

View full text Add to dashboard Cite

Training the future cybersecurity workforce to respond to emerging threats requires introduction of novel educational interventions into the cybersecurity curriculum. To be effective, these interventions have to incorporate trending knowledge from cybersecurity and other related domains while allowing for experiential learning through hands-on experimentation. To date, the traditional interdisciplinary approach for cybersecurity training has infused political science, law, economics or linguistics knowledge into the cybersecurity curriculum, allowing for limited experimentation. Cybersecurity students were left with little opportunity to acquire knowledge, skills, and abilities in domains outside of these. Also, students in outside majors had no options to get into cybersecurity. With this in mind, we developed an interdisciplinary course for experiential learning in the fields of cybersecurity and interaction design. The inaugural course teaches students from cybersecurity, user interaction design, and visual design the principles of designing for secure use -or secure design -and allows them to apply them for prototyping of Internet-of-Things (IoT) products for smart homes. This paper elaborates on the concepts of secure design and how our approach enhances the training of the future cybersecurity workforce.

show abstract

“…One set of studies that can predict how ZTA affects end user experience is the work done on the use of MFA in enterprises and security fatigue. Security fatigue [3] is the phenomenon wherein end users are confronted with so many security policies and challenges that it begins to impact their productivity in a negative way. Other studies show that MFA may alter user behavior, but the overall change is mixed [4] [5].…”

mentioning

confidence: 99%

Zero Trust Architecture

Rose¹,

Borchert²,

Mitchell³

et al. 2020

Preprint

View full text Add to dashboard Cite

This publication has been developed by NIST in accordance with its statutory responsibilities under the Federal Information Security Modernization Act (FISMA) of 2014, 44 U.S.C. § 3551 et seq., Public Law (P.L.) 113-283. NIST is responsible for developing information security standards and guidelines, including minimum requirements for federal information systems, but such standards and guidelines shall not apply to national security systems without the express approval of appropriate federal officials exercising policy authority over such systems. This guideline is consistent with the requirements of the Office of Management and Budget (OMB) Circular A-130. Nothing in this publication should be taken to contradict the standards and guidelines made mandatory and binding on federal agencies by the Secretary of Commerce under statutory authority. Nor should these guidelines be interpreted as altering or superseding the existing authorities of the Secretary of Commerce, Director of the OMB, or any other federal official. This publication may be used by nongovernmental organizations on a voluntary basis and is not subject to copyright in the United States. Attribution would, however, be appreciated by NIST.

show abstract

Security Fatigue

Cited by 87 publications

References 11 publications

Be Prepared: How US Government Experts Think About Cybersecurity

Be Prepared: How US Government Experts Think About Cybersecurity

Novel approach for cybersecurity workforce development: A course in secure design

Zero Trust Architecture

Contact Info

Product

Resources

About