The Role of Instructional Design in Persuasion: A Comics Approach for Improving Cybersecurity

Abstract

Although computer security technologies are the first line of defense to secure users, their success is dependent on individuals’ behavior. It is therefore necessary to persuade users to practice good computer security. This interview analysis of users’ conceptualization of security password guessing attacks, antivirus protection, and mobile online privacy shows that poor understanding of security threats influences users’ motivation and ability to practice safe behaviors. An online interactive comic series called Secure Comics was designed and developed based on instructional design principles to address this problem. An eye-tracking experiment suggests that the graphical and interactive components of the comics direct users’ attention and facilitate comprehension of the information. In the evaluations of Secure Comics, results from several user studies show that the comics improve understanding and motivate positive changes in security management behavior. The implication of the findings to better understand the role of instructional design and persuasion in education technology are discussed.

Notes

¹ The set of all possible password combinations for a given system configuration.

² A previously unknown computer virus or other malware for which specific antivirus software signatures are not yet available.

³ In all cases, p < .05 is considered significant.

⁴ See Zhang-Kennedy et al. (2013) for detailed descriptions of the infographic designs.

⁵ See Zhang-Kennedy, Chiasson, et al. (2014) for detailed descriptions of the infographic designs.

⁶ See Mekhail et al. (2014) for detailed descriptions of the infographic designs.

⁷ Image was obtained from the original screen recording and outputted as a JPEG.

⁸ For the password comic, interviews were conducted with only 13 participants; therefore, the comparison between the pretest and posttest results were based on these 13 responses.

⁹ Although our studies used different point scales for these two questions, the results were all clearly highly positive.

Additional information

Funding

This project has been partially funded by the Office of the Privacy Commissioner of Canada (OPC); the views expressed herein are those of the authors and do not necessarily reflect those of the OPC. Sonia Chiasson acknowledges funding from NSERC for her Canada Research Chair in Human Oriented Computer Security. This work was also partially funded by the NSERC ISSNet Strategic Network and the GRAND Networks of Centres of Excellence.

Notes on contributors

Leah Zhang-Kennedy

Leah Zhang-Kennedy is a PhD candidate at Carleton University in the School of Computer Science, and a member of the CHORUS lab. She has a MASc in human–computer interaction from Carleton University. Her primary research interests are in the interdisciplinary areas of usable security, persuasive technology, and information visualization.

Sonia Chiasson

Sonia Chiasson is the Canada Research Chair in Human Oriented Computer Security and a faculty member in the School of Computer Science at Carleton University in Ottawa, Canada. Her main research interests are in usable security and privacy: the intersection between human–computer interaction and computer security and privacy.

Robert Biddle

Robert Biddle is a professor at Carleton University in Ottawa, appointed both to the School of Computer Science and the Institute of Cognitive Science. His research is primarily in human factors in cyber-security and software design, especially creating and evaluating innovative designs for computer security software and collaborative software development.