The Role of Heuristics in Information Security Decision Making Fard Bahreini, Amir Cenfetelli, Ron Cavusoglu, Hasan 2021-12-24T18:03:04Z 2021-12-24T18:03:04Z 2022-01-04
dc.description.abstract Inadvertent human errors (e.g., clicking on phishing emails or falling for a spoofed website) have been the primary cause of security breaches in recent years. To understand the root cause of these errors and examine practical solutions for users to overcome them, we applied the theory of bounded rationality and explored the role of heuristics (i.e., short mental processes) in security decision making. Interviews with 27 participants revealed that users rely on various heuristics to simplify their decision making in the information security context. Specifically, users rely on experts’ comments (i.e., expertise heuristic), information at hand, such as recent events (i.e., availability heuristic), and security-representative visual cues (i.e., representativeness heuristic). Findings also showed the use of other heuristics, including affect, brand, and anchoring, to a lesser degree. The results have practical and theoretical significance. In particular, they extend the literature by integrating bounded rationality concepts and elaborating “how” users simplify their security decision making by relying on cognitive heuristics.
dc.format.extent 10 pages
dc.identifier.doi 10.24251/HICSS.2022.587
dc.identifier.isbn 978-0-9981331-5-7
dc.language.iso eng
dc.relation.ispartof Proceedings of the 55th Hawaii International Conference on System Sciences
dc.rights Attribution-NonCommercial-NoDerivatives 4.0 International
dc.subject Innovative Behavioral IS Security and Privacy Research
dc.subject behavioral is security
dc.subject framework analysis
dc.subject heuristics
dc.subject inadvertent human errors
dc.subject the theory of bounded rationality
dc.title The Role of Heuristics in Information Security Decision Making
dc.type.dcmi text
Original bundle
Now showing 1 - 1 of 1
No Thumbnail Available
418.8 KB
Adobe Portable Document Format