![Sample our Economics, Finance,Business & Industry journals, sign in here to start your access, latest two full volumes FREE to you for 14 days]({"type":"image" , "src" : "/sda/5931/TOC-Subject-Sample-2021-Economics-Finance-Business-Industry.jpg"})
Abstract
Users are vital to the information security of organizations. In spite of technical safeguards, users make many critical security decisions. An example is users’ responses to security messages – discrete communication designed to persuade users to either impair or improve their security status. Research shows that although users are highly susceptible to malicious messages (e.g., phishing attacks), they are highly resistant to protective messages such as security warnings. Research is therefore needed to better understand how users perceive and respond to security messages. In this article, we argue for the potential of NeuroIS – cognitive neuroscience applied to Information Systems – to shed new light on users’ reception of security messages in the areas of (1) habituation, (2) stress, (3) fear, and (4) dual-task interference. We present an illustrative study that shows the value of using NeuroIS to investigate one of our research questions. This example uses eye tracking to gain unique insight into how habituation occurs when people repeatedly view security messages, allowing us to design more effective security messages. Our results indicate that the eye movement-based memory (EMM) effect is a cause of habituation to security messages – a phenomenon in which people unconsciously scrutinize stimuli that they have previously seen less than other stimuli. We show that after only a few exposures to a warning, this neural aspect of habituation sets in rapidly, and continues with further repetitions. We also created a polymorphic warning that continually updates its appearance and found that it is effective in substantially reducing the rate of habituation as measured by the EMM effect. Our research agenda and empirical example demonstrate the promise of using NeuroIS to gain novel insight into users’ responses to security messages that will encourage more secure user behaviors and facilitate more effective security message designs.
Additional information
Notes on contributors
Bonnie Brinton Anderson
Bonnie Brinton Anderson is an Associate Professor of Information Systems and Director of the Master of Information Systems Management (MISM) program in the Marriott School of Management at Brigham Young University. She received her Ph.D. from Carnegie Mellon University. She also has an MPhil from CMU as well as BS and MAcc degrees from BYU. She was a consultant for Accenture prior to returning to graduate school for her Ph.D. Her work has been published in Journal of the Association for Information Systems, and Proceedings of the ACM Conference on Human Factors in Computing Systems (CHI), Decision Support Systems, Electronic Commerce Research, Expert Systems with Applications; Electronic Commerce Research, Communications of the ACM, Information Sciences, IEEE Transactions: Systems, Men, and Cybernetics, The Journal of Systems and Software, and other outlets. She currently researches the intersection of decision neuroscience and behavioral information security.
Anthony Vance
Anthony Vance is as an Associate Professor of Information Systems in the Marriott School of Management of Brigham Young University. He has earned Ph.D. degrees in Information Systems from Georgia State University, USA; the University of Paris –Dauphine, France; and the University of Oulu, Finland. His previous experience includes working as a visiting research professor in the Information Systems Security Research Center at the University of Oulu. His work is published in outlets such as MIS Quarterly, Journal of Management Information Systems, Journal of the Association for Information Systems, European Journal of Information Systems, Journal of the American Society for Information Science and Technology, and Proceedings of the ACM Conference on Human Factors in Computing Systems (CHI). His research focuses on behavioral and neuroscience applications to information security. He currently is an associate editor at MIS Quarterly and serves on the editorial board of Journal of the Association for Information Systems.
C Brock Kirwan
Brock Kirwan received his Ph.D. in Psychological and Brain Sciences from Johns Hopkins University in 2006. He has a decade of experience conducting fMRI scans with patient populations at Johns Hopkins University, the University of California, San Diego, the University of Utah, and now BYU. He has published numerous papers reporting fMRI and neuropsychological results in journals such as Science, Proceedings of the National Academy of Sciences, Neuron, and the Journal of Neuroscience.
David Eargle
David Eargle is a doctoral candidate in the Information Systems and Technology Management Area at the University of Pittsburgh in the Katz Graduate School of Business. He completed a joint baccalaureate-master’s program in information systems management at Brigham Young University, completing the IS Ph.D. preparation program and graduating magna cum laude with University Honors. His research interests include human-computer interaction and information security. He has coauthored several articles in these areas using neurophysiological and other methodologies in outlets such as the Journal of the Association for Information Systems, the International Conference on Information Systems, and the Hawaii International Conference on System Sciences, along with the Proceedings of the ACM Conference on Human Factors in Computing Systems (CHI).
Jeffrey L Jenkins
Jeffrey L. Jenkins is an Assistant Professor of Information Systems at the Marriott School of Management, Brigham Young University. He graduated with a Ph.D. in Management Information Systems from the University of Arizona. His active research includes human-computer interaction and behavioral information security. In a human-computer interaction context, his research explores how to infer human states using computer input devices such as the computer mouse, keyboard, or touchscreen. His research has been published in various journals and conference proceedings, including MIS Quarterly, Journal of Management Information Systems, Proceedings of the ACM Conference on Human Factors in Computing Systems (CHI), Computers in Human Behavior, and others. Prior to earning his Ph.D., he was a software engineer in both the public and private sectors.