Link to the University of Pittsburgh Homepage
Link to the University Library System Homepage Link to the Contact Us Form

Security Messages: Or, How I Learned to Stop Disregarding and Heed the Warning

Eargle, David W. (2017) Security Messages: Or, How I Learned to Stop Disregarding and Heed the Warning. Doctoral Dissertation, University of Pittsburgh. (Unpublished)

Download (5MB) | Preview


Attacks on information security continue to be reported in the media, and result in large losses for organizations. While some attacks are the result of sophisticated threats, others can be traced to failures by organizational insiders to observe basic security policies such as using caution when opening unsolicited email attachments. Faced with the challenges and time demands of everyday stressors, security policy compliance can be costly for individuals; security actions require time and distract attention from other primary tasks. This costliness can lead individuals to ignore prompts to perform security updates, scan their computers for threats, or reboot their computers to apply security updates.

This dissertation contains three studies that address the following overarching research question: How can end-user adherence to security messages be better understood and improved, and how can theory inform security-message design? First, two complementary studies are presented that examine the integration of media naturalness theory into a security message context using field study and fMRI designs. Study 1, the field study, unobtrusively captures objective measures of attention from Amazon Mechanical Turk users (N=510) as they perform a between-subjects deception protocol. Study 2, the fMRI study, examines neural activations from a within-subjects participant design (N=23) in response to different security message designs with integrated emotive human facial expressions. Data from studies 1 and 2 show that warnings with integrated facial expressions of threat (fear, disgust) generally elicited greater adherence rates and higher evidence of cognition and elaboration than did warnings with integrated neutral facial expressions or than did warnings with no integrated facial expressions, supporting our hypotheses. Study 3 explores the pattern of risk taking and analysis that users engage in when interacting with interruptive security messages. The corroboration of multiple behavioral dependent variables suggests that users predominantly use a bimodal risk tradeoff paradigm when interacting with interruptive security messages. All three studies address the overarching research question of understanding and improving end user adherence to security messages.


Social Networking:
Share |


Item Type: University of Pittsburgh ETD
Status: Unpublished
CreatorsEmailPitt UsernameORCID
Eargle, David W.dave@daveeargle.comdae41
ETD Committee:
TitleMemberEmail AddressPitt UsernameORCID
Committee ChairGalletta,
Committee MemberKirsch,
Committee MemberFraundorf,
Committee MemberRamasubbu,
Committee MemberVance,
Date: 30 August 2017
Date Type: Publication
Defense Date: 12 April 2017
Approval Date: 30 August 2017
Submission Date: 27 April 2017
Access Restriction: No restriction; Release the ETD for access worldwide immediately.
Number of Pages: 122
Institution: University of Pittsburgh
Schools and Programs: Joseph M. Katz Graduate School of Business > Management of Information Systems
Degree: PhD - Doctor of Philosophy
Thesis Type: Doctoral Dissertation
Refereed: Yes
Uncontrolled Keywords: security messages, threat attention, media naturalness theory, NeuroIS, risk tradeoff, heuristic-systematic model
Date Deposited: 30 Aug 2017 22:02
Last Modified: 30 Aug 2017 22:02


Monthly Views for the past 3 years

Plum Analytics

Actions (login required)

View Item View Item