Three essays on Internet security---understanding users' security perceptions and behaviors.

摘要

This dissertation follows a three-essay style and tackles Internet security issues from various perspectives. In Essay 1, we examine how individuals in the US and China perceive and deal with online security threats. Drawing on a synthesis of the protection motivation theory, coping theory, and cross-national research, this study conceptualizes an individual security behavior (ISB) model, which identifies cross-national differences in individual Internet users' security perceptions and behaviors. The empirical results, based on 718 survey observations collected from the general public in the US and China, show that there are, indeed, significant national differences in the perceptions of online security threats and the ways to deal with them.;In Essay 2, we present a design science-based assessment of interface design elements for anti-phishing tools. An extensive taxonomy of important design elements is constructed. A survey is used to evaluate the perceived saliency of various elements encompassed in the taxonomy. Results suggest preferred design elements could be in line with efficient information processing of human vision and indicate that existing tools often fail to consider users' preferences regarding warning design alternatives. The results of users' preferences also show the presence of a subset of design elements that could potentially be customized for the population of our sample.;In Essay 3, we propose a user-centric approach to the design of effective fake-website detection tools that could promote the use of such tools, thus reducing the success rate of fake websites. Drawing upon the protection motivation theory, we conceptualize a model to uncover how salient performance-related design elements of detection tools could influence users' perceptions of the tools, their efficacy in dealing with threats, and their use of such tools. The research method was a controlled lab experiment with a novel and extensive experimental design and protocol in two distinct domains: online pharmacies and online banks. We found that trust in the detector is the pivotal coping mechanism in dealing with security threats and is a major conduit for transforming salient performance-related design elements into increased use. Therefore, trust should be used as a critical metric to evaluate the design, assess the performance, and promote the use of fake-website detectors.