Author(s): Mary Theofanos, Brian Stanton, Susanne Furman, Sandra Prettyman, Simson Garfinkel

Download: Paper (PDF)

Date: 26 Feb 2017

Document Type: Reports

Additional Documents: Slides

Associated Event: NDSS Symposium 2017


Online security experiences, perceptions, and behaviors are key to understanding users security practices. Users express that they are concerned about online security, but they also express frustration in navigating the often confusing and mentally taxing cybersecurity world. This paper examines the differences in cybersecurity perception and behavior between cybersecurity experts in the US Government as contrasted with non-experts. The experts represent a very select group within United States Government Agencies who are directly responsible for cybersecurity guidance for the Federal Government. We used a semi-structured interview protocol to collect data from 23 experts and 21 non-experts. Interview questions addressed experiences, beliefs, and behaviors with respect to online security. Qualitative data techniques were used to code and analyze the data identifying themes related to the similarities and differences in expert and non-expert perceptions of and experiences with cybersecurity. The experts as a group don   t trust, develop plans and are proactive in their approach to online security and see security as a personal challenge rather than a risky and potentially disrupting experience. In contrast, our non-experts trust too much, don   t develop plans, and experience security with anxiety and fear.