סמינר מחלקתי

Effects of Security Warnings and Blocking on Risk Taking in IT Systems

Omer Dembinsky - Department of Industrial Engineering

Abstract

While working on an IT system (computer, smartphone) a user might choose to perform a risky behavior, such as browsing to an unknown website, downloading a file/application or connecting an external device. These actions are meant to assist the user in trying to achieve a specific goal (work, entertainment) which gives a certain value to the user. The result may be the desired one, but it might also be a negative outcome if a malicious program (virus, Trojan horse) is hidden and activated.

In order to help the user decide whether it is safe to perform a certain action or not a security system can be used. The system monitors the actions performed by the user and when relevant provides a warning or even blocks the action in order to protect the user.

This work examines different security system designs, focusing on the comparison between a Warning and a Blocking system, and their influence on the user’s risk taking, as well as on the productivity of work and the amount of security events (i.e. downloading malware). A normative mathematical model of the human behavior in this situation was developed and an experiment was carried out to examine the model and to compare its predictions to the actual user behavior.

This work was performed under the supervision of Prof. Joachim Meyer.

ההרצאה תתקיים ביום שלישי 09.06.15, בשעה 14:00 בחדר 206, בנין וולפסון הנדסה, הפקולטה להנדסה, אוניברסיטת תל-אביב.