Right Now Is the Wrong Time: And Other Considerations When Presenting Security Warnings

Authors

Brock Johanson, Brigham Young University
Bonnie Anderson, Brigham Young University

Keywords

security warnings, neurological measurements, information systems

College

Marriott School of Business

Department

Information Systems

Abstract

Neuro Information Security (NeuroIS) focuses on the use of neurological measurements to improve the security of information systems. The BYU NeuroIS lab uses neurological tools and measurements to examine factors that affect security outcomes. Previous work has focused on various factors such as dual task interference (DTI), threat assessment, as well as factors such as habituation and generalization, which have become focus streams of research. The primary point of failure in most security related incidents tends to be users themselves. As such, anything that can be used to overcome neurobiological phenomenon such as those listed above can ultimately lead in better security outcomes. A primary point of failure is in adherence to security messages, which are often glossed over when users are in a hurry to complete another task, or interpreted as another ubiquitous system notification. DTI arises when a user must perform two tasks, a primary task and a secondary task concurrently. In DTI scenarios there is competition for cognitive resources, and the user’s primary task, which began before the warning was displayed, takes precedence and consequently the warning may not be adequately processed (Pashler 1994). A similarly compromising scenario occurs when users interpret security warnings, as “just another message” modeling the effects of habituation and generalization. Habituation occurs when something is seen frequently, and consequently given less importance in the user’s mind (Thompson and Spencer 1966). Generalization occurs when warnings, which are similar to previously viewed notifications or popups, are interpreted as being the same, and therefore treated the same as other notifications. Our research examines both of these phenomenon and their importance to security outcomes, generally focusing on adherence to security warnings.

Recommended Citation

Johanson, Brock and Anderson, Bonnie (2017) "Right Now Is the Wrong Time: And Other Considerations When Presenting Security Warnings," Journal of Undergraduate Research: Vol. 2017: Iss. 1, Article 255.
Available at: https://scholarsarchive.byu.edu/jur/vol2017/iss1/255