Indiana University Bloomington

Luddy School of Informatics, Computing, and Engineering

Technical Report TR707:
Perceptions of Computing Risks

Vaibhav Garg; L Jean Camp
(Jul 2013), 24 pages
Abstract:
Understanding end-users' perceptions of information security risks is critical for the design of warnings and interactions that inform non- expert behaviors. To the extent that risk decisions are subject to bounded rationality offline, the perceived probability of risk has been judged by its salience and the perceived magnitude is impinged by the perceived benefi ts of the risky activity. Does this apply online despite the lack of potential physical harm? In this paper, we build on offline physical risk determinants by investigating the underlying determinants of perceived risk online. We evaluate perceptions of thirty technical risks, each grounded in one of six distinct mental model categories. We analyze the determinants of risk independently and then within each mental model. We compare the determinants and the mental models of experts and non-experts. Identity theft was identified as most risky, while severity was the most important determinant of perceived risk.

Available as: