Conference Paper

Self-Confidence Trumps Knowledge: A Cross-Cultural Study of Security Behavior

Authors:
To read the full-text of this research, you can request a copy directly from the authors.

Abstract

Computer security tools usually provide universal solutions without taking user characteristics (origin, income level, ...) into account. In this paper, we test the validity of using such universal security defenses, with a particular focus on culture. We apply the previously proposed Security Behavior Intentions Scale (SeBIS) to 3,500 participants from seven countries. We first translate the scale into seven languages while preserving its reliability and structure validity. We then build a regression model to study which factors affect participants' security behavior. We find that participants from different countries exhibit different behavior. For instance, participants from Asian countries, and especially Japan, tend to exhibit less secure behavior. Surprisingly to us, we also find that actual knowledge influences user behavior much less than user self-confidence in their computer security knowledge. Stated differently, what people think they know affects their security behavior more than what they do know.

No full-text available

Request Full-text Paper PDF

To read the full-text of this research,
you can request a copy directly from the authors.

... This suggests that cultural factors can shape secure technology usage. Sawaya et al. (2017) investigated the differences in security behaviors among individuals from diverse cultures and observed that individuals in Asia (e.g. Japan) demonstrated less secure behavior as compared to those in Western countries (e.g. ...
... Previous research has demonstrated the importance of considering cultural differences in the customization of security tools (Sawaya et al., 2017). Ndibwile et al. (2018) found significant differences in security perception between Japanese and Tanzanian smartphone users, leading the authors to suggest the redesign of security notifications to better align with each country's cultural norms. ...
... The impact of user knowledge on their security intentions has been discussed in previous research (Egelman and Peer, 2015;Hull et al., 2021). However, the study by Sawaya et al. (2017) suggested that users' self-confidence in their cybersecurity knowledge had a greater positive impact on their security behaviors compared to their actual cybersecurity knowledge. Nonfinancial rewards, which are known to impact users' intrinsic motivation (Silverman, 2004), may be useful in building users' self-confidence and encouraging secure behavior in smart homes. ...
Article
Purpose Smart-home security involves multilayered security challenges related to smart-home devices, networks, mobile applications, cloud servers and users. However, very few studies focus on smart-home users. This paper aims to fill this gap by investigating the potential interests of adult smart-home users in cybersecurity awareness training and nonfinancial rewards that may encourage them to adopt sound cybersecurity practices. Design/methodology/approach A total of 423 smart-home users between the ages of 25 and 64 completed a survey questionnaire for this study, with 224 participants from Japan and 199 from the UK. Findings Cultural factors considerably influence adult smart-home users’ attitudes toward cybersecurity. Specifically, cultural differences impact their willingness to participate in cybersecurity awareness training, their views on the importance of cybersecurity training for children and senior citizens and their preference for nonfinancial rewards as an incentive for good cybersecurity behavior. These results highlight the need to consider cultural differences and their potential impact when developing and implementing cybersecurity programs that target smart-home users. Practical implications This research has two main implications. First, it provides insights for information security professionals on the importance of designing cost-effective and time-efficient cybersecurity awareness training programs for smart-home users. Second, the findings may assist governments in establishing nonfinancial incentives to encourage greater uptake of cybersecurity practices among smart-home users. Originality/value The paper investigates whether adult smart-home users are willing to spend time and money to engage in cybersecurity awareness training and to encourage their children and elderly parents to participate in training, as well. In addition, the paper examines incentives, especially nonfinancial rewards, that may motivate adult smart-home users to adopt cybersecurity behaviors at home. Furthermore, the paper analyses demographic differences among smart-home users in Japan and the UK.
... A replication study can be used to examine the generalizability of the findings of an existing study to a new population or to evaluate the robustness of the findings of an existing study when a new study design is used. Although several existing UPS papers have already shown that regional and cultural differences affect the results [28,53,62,78], we found that most UPS studies have examined only WEIRD societies and not considered/discussed whether geographic diversity affects the results. Therefore, the current UPS research is insufficient from two perspectives: to evaluate and discuss the generalizability of the results, and to identify different insights from geographically diversified populations. ...
... Overall, the papers investigating participants from multiple countries or cultures reported that country or culture particularly affected the results [28,53,62,78]. Sawaya et al. investigated the Security Behavior Intentions Scale (SeBIS) of participants from seven countries and found that participants from Asian countries, and especially Japan, tended to exhibit less secure behavior [78]. ...
... Overall, the papers investigating participants from multiple countries or cultures reported that country or culture particularly affected the results [28,53,62,78]. Sawaya et al. investigated the Security Behavior Intentions Scale (SeBIS) of participants from seven countries and found that participants from Asian countries, and especially Japan, tended to exhibit less secure behavior [78]. Mori et al. compared passwords generated by users from UK, India, and Japan. ...
Preprint
In human factor fields such as human-computer interaction (HCI), psychology, and behavioral sciences, researchers have been concerned that participant samples are skewed toward WEIRD, i.e., participants mostly come from Western, Educated, Industrialized, Rich, and Democratic societies. This WEIRD skew may affect the generalizability of study results and hinder understanding of diverse participant populations and their cultural differences. The usable privacy and security (UPS) field has inherited many research methodologies from research on human factor fields such as HCI. We conducted a literature review to understand the extent to which participant samples in UPS papers were WEIRD and the characteristics of the methodologies and research topics in each user study recruiting Western or non-Western participants. We found that the skew toward WEIRD in UPS is greater than that in HCI. Geographic and linguistic barriers in the study methods and recruitment methods may cause researchers to conduct a user study locally. In addition, many papers did not report participant demographics, which could hinder the replication of the reported studies, leading to low reproducibility. We provide the following suggestions to improve geographic diversity: facilitate replication studies, improve reproducibility, address issues of study and recruiting methods, diversify researchers, and facilitate research on the topics for non-WEIRD populations.
... Previous research suggests there is notable diversity in user insight and comprehension of available cybersecurity tools [41,44,110,126,131], and several reports have now called attention to a possible correlation across users' technical expertise, their understanding of security, and users' incorporation of more secure behaviors [88,99,107,113]. Research exploring susceptibility to phishing has shown varied results depending on demographic factors such as age, gender, disability, education, and digital access [10,78,87,105,109,118,132]. ...
... Many of our participants' comments and experiences align with existing research on phishing and anti-phishing interventions in the workplace. Like other researchers, we see employees' antiphishing awareness [e.g., 1,96,127,128], confdence [e.g., 52,107,118,121], and competence [e.g., 29,32,39,98,99,104] to be key factors in understanding how workers react when encountering suspicious messages. In order to fully understand how these factors inform employee responses, however, we must also look at how awareness, confdence, and competence are themselves shaped by varying organizational factors such as organization-specifc phishing-related policies and protocols, organizational structure and the strength of social ties between employees and their IT colleagues, and employee incentivization for anti-phishing compliance and their organization's success more generally. ...
... To support this research, more work needs to be done to explore other ways in which cybersecurity measures can leverage employees' relationships with their IT personnel and IT departments as well as how users' choices afect experts' recommendations and decision-making. We see a need for more work in this area, especially because participant demographics and diversity in participant selection appear to be lacking in current phishing user studies [27] despite the documented variance in user behavior among diferent populations of end users [71,90,100,107,118,126]. ...
Article
Phishing attacks, in which deceptive messages purporting to be from a legitimate contact are used to trick recipients and acquire sensitive information for the purposes of committing fraud, are a substantial and growing problem for organizations. IT departments and professionals may put in place a variety of institutional responses to thwart such attacks, but an organization's susceptibility to phishing also depends on the decisions and actions of individual employees. These employees may have little phishing expertise but still need to react to such attempts on a daily basis. Based on 24 semi-structured interviews with mid-career office workers (70.8% women, averaging 44 years old, with a bachelor's degree or more) at two universities in the midwestern United States, we find that employees self-describe a wide range of levels of awareness of, and confidence, competency and investment in, the organization's proscribed anti-phishing policies and practices. These employees also describe variation in the ways they would prefer to increase their perceived performance levels in all of these areas. In this paper, we argue that in order to empower employees to be better collaborators in an organization's anti-phishing efforts, organizations should embrace a range of efforts akin to the range of expertise among the users themselves. We make four such empowering recommendations for organizations to consider incorporating into their existing anti-phishing policies and practices, including suggestions to 1) embrace educating non-expert users more fully on organizational processes and consequences, 2) provide employees with a standing one-to-one communication channel between them and an IT phishing point-of-contact, 3) keep employees in the loop once phishing reports are made, and 4) avoid testing employees with "gotcha" assessments.
... Sawaya et al. [35] examined security behavior and its predictive factors in an online questionnaire study in seven countries: China, France, Japan, Russia, South Korea, USA and United Arab Emirates. The study found country, income, technical familiarity (a job or degree in technical areas), self confidence, and technical knowledge to be significant predictors for security behavior. ...
... International surveys pose a number of challenges related to the required translations, e. g., technical terms or different educational systems. We have mitigated these problems by using professional translations, back translation with native speakers (see [14,35]), and the use of internationally established methods for measuring education, such as the ISCED [42]. For the back translations, we recruited native speakers from our personal and professional circles to read through the survey with a participating researcher and back-translate it into English or German. ...
... The differences of country in its predictive power were somewhat smaller for German participants and those from other Western countries, especially for those from Israel. 2 This is in line with prior findings, pointing out that the research community should not view results from Western countries as the "norm" and results from non-Western countries as "exotic" [22]. Similarly to other cross-cultural studies on privacy and security (e. g., [14,35,45]), our findings on misconceptions show that results differ across cultures and that results from Western countries are rather alike but differ in many cases from those of non-Western countries. ...
Preprint
Full-text available
Misconceptions about digital security and privacy topics in the general public frequently lead to insecure behavior. However, little is known about the prevalence and extent of such misconceptions in a global context. In this work, we present the results of the first large-scale survey of a global population on misconceptions: We conducted an online survey with n = 12, 351 participants in 12 countries on four continents. By investigating influencing factors of misconceptions around eight common security and privacy topics (including E2EE, Wi-Fi, VPN, and malware), we find the country of residence to be the strongest estimate for holding misconceptions. We also identify differences between non-Western and Western countries, demonstrating the need for region-specific research on user security knowledge, perceptions, and behavior. While we did not observe many outright misconceptions, we did identify a lack of understanding and uncertainty about several fundamental privacy and security topics.
... The younger participants also exhibited weak cybersecurity behaviors in password practices and proactive awareness (Gratian et al. 2018). Another multi-national study from seven countries reported the cyber-security behavior of 3500 participants (Sawaya et al. 2017) using the Security Behavior Intention Scale (SeBIS) instrument. A total of 500 participants (from China, France, Japan, Russia, South Korea, USA and UAE) showed differences in their security behavior with the Japanese exhibiting the least secure behavior. ...
... As a result, the literature seems to exhibit reporting bias in terms of context and geographical location (Crossler et al. 2013). The findings reported in the context of developed countries may not generalize well to users from less studied regions (Sawaya et al. 2017). There are few notable mentions carried out in developing countries such as Malaysia (Faith et al. 2020) (Muniandy et al. 2017), Oman (Ramalingam et al. 2016) and India (Senthilkumar and Easwaramoorthy 2017) but again these studies lack utilization of proper scales and fail to holistically report the cyber-security behavior. ...
... Understanding the cyber-security posture of developing nations is important since there are differences in the cyber-security behavior of participants from different regions of the world (Sawaya et al. 2017). Findings from the developing countries call for more research in tertiary institutes to better understand the cyber-security posture of students and hence the need for cyber-security training and practices (AlMindeel and Martins 2020). ...
Article
Full-text available
Cyber-security behavior research is scant with even scarce studies carried out in developing countries. We examine the cyber-security and risky Internet behaviors of undergraduate students from Pakistan, taking into account the diversity of these students in terms of demographics, socioeconomic status, and the digital divide. Data were collected using a survey questionnaire. A total of 294 students belonging to six different cities of Pakistan were surveyed employing multistage stratified sampling in face-to-face interaction. The results indicated significant differences of cyber-security posture in terms of gender, age and digital divide variables. The profiles of students based on cyber-security and risky Internet behaviors indicate three groups with a majority of them falling into group that exhibits more risk-averse yet low cyber-security behavior. Moreover, proactive cyber-security awareness behavior has a positive impact on high risk-averse behavior. The implications of the findings are studied in terms of providing customized training and awareness. The future directions are laid out for further explorations in terms of cultural differences within and cross-country contexts.
... We also extracted participants' cultural background, operationalizing it as participants' country or region (e.g., Europe) (Sawaya et al., 2017). Nationality or region is not always coextensive with cultural background (Taras et al., 2016). ...
... Since Hofstede's original questionnaire is perhaps too long for inclusion into XAI user studies (it contained 126 questions), for XAI studies investigating, for instance, individualist/collectivist differences, we recommend that researchers adapt the related items from this questionnaire, as it is validated. That said, Hofstede's theory and methodology have also been criticized for being overgeneralizing (McSweeney, 2002), leading some technology researchers to use nationality as a proxy for culture instead (Ur & Wang, 2013;Sawaya et al., 2017). To capture that culture is a multidimensional construct, XAI researchers may therefore refrain from any single definition of culture and instead individually measure (via self-report items) users' nationality, racial/ethnic background, country of residence, home language and the relevant aspect of Hofstede's construct and then conduct regression analyses to identify and report the strongest predictor of responses to XAI outputs. ...
Article
For synergistic interactions between humans and artificial intelligence (AI) systems, AI outputs often need to be explainable to people. Explainable AI (XAI) systems are commonly tested in human user studies. However, whether XAI researchers consider potential cultural differences in human explanatory needs remains unexplored. We highlight psychological research that found significant differences in human explanations between many people from Western, commonly individualist countries and people from non-Western, often collectivist countries. We argue that XAI research currently overlooks these variations and that many popular XAI designs implicitly and problematically assume that Western explanatory needs are shared cross-culturally. Additionally, we systematically reviewed over 200 XAI user studies and found that most studies did not consider relevant cultural variations, sampled only Western populations, but drew conclusions about human-XAI interactions more generally. We also analyzed over 30 literature reviews of XAI studies. Most reviews did not mention cultural differences in explanatory needs or flag overly broad cross-cultural extrapolations of XAI user study results. Combined, our analyses provide evidence of a cultural bias toward Western populations in XAI research, highlighting an important knowledge gap regarding how culturally diverse users may respond to widely used XAI systems that future work can and should address.
... Chiebukuro (Yahoo! ) [14], the largest Q&A site for non-experts in Japan. We chose a Japanese Q&A site because a previous survey revealed that among Arabic, French, Japanese, Chinese, Korean, and Russian participants, the Japanese participants exhibited the least secure behaviors [15]. Thus, we speculated that a Japanese Q&A site would contain the questions commonly asked by those with less knowledge of security and privacy. ...
... For example, we investigated Yahoo! Chiebukuro in this study, which only supports Japanese, and we acknowledge that non-expert users from Japan may have different security and privacy attitudes compared to those from other countries due to differences in cultural factors or security and privacy literacy levels [15], [101]- [104]. However, we believe that our findings identify the potential issues that researchers from other countries also need to resolve because most of the security and privacy technologies and concepts mentioned in our dataset are common to users worldwide. ...
Article
Although security and privacy technologies are incorporated into every device and service, the complexity of these concepts confuses non-expert users. Prior research has shown that non-expert users ask strangers for advice about digital media use online. In this study, to clarify the security and privacy concerns of non-expert users in their daily lives, we investigated security- and privacy-related question posts on a Question-and-Answer (Q&A) site for non-expert users. We conducted a thematic analysis of 445 question posts. We identified seven themes among the questions and found that users asked about cyberattacks the most, followed by authentication and security software. We also found that there was a strong demand for answers, especially for questions related to privacy abuse and account/device management. Our findings provide key insights into what non-experts are struggling with when it comes to privacy and security and will help service providers and researchers make improvements to address these concerns.
... We recruited 309 3 enduser participants using Prolific [63], a typical crowdsourcing platform for recruiting participants for empirical privacy studies [20]. We decided to recruit participants residing in the U.K. because (1) privacy is a cultural and contextual topic, and people's interpretation of what privacy means can vary based on where they are located [14,69,70,97]; 4 (2) Prolific offers representative samples only for two countries, the U.S. and the U.K. [64]; (3) we had limited resources and budget; and (4) a simple translation from English into other languages could have caused different interpretations of our questions. To avoid this, we would have needed to perform a validated translation, instead of a simple translation, for consistency (as stated in [70]), requiring additional resources. ...
... We decided to recruit participants residing in the U.K. because (1) privacy is a cultural and contextual topic, and people's interpretation of what privacy means can vary based on where they are located [14,69,70,97]; 4 (2) Prolific offers representative samples only for two countries, the U.S. and the U.K. [64]; (3) we had limited resources and budget; and (4) a simple translation from English into other languages could have caused different interpretations of our questions. To avoid this, we would have needed to perform a validated translation, instead of a simple translation, for consistency (as stated in [70]), requiring additional resources. Thus, we ran our survey in English. ...
Preprint
Full-text available
While the literature on permissions from the end-user perspective is rich, there is a lack of empirical research on why developers request permissions, their conceptualization of permissions, and how their perspectives compare with end-users' perspectives. Our study aims to address these gaps using a mixed-methods approach. Through interviews with 19 app developers and a survey of 309 Android and iOS end-users, we found that both groups shared similar concerns about unnecessary permissions breaking trust, damaging the app's reputation, and potentially allowing access to sensitive data. We also found that developer participants sometimes requested multiple permissions due to confusion about the scope of certain permissions or third-party library requirements. Additionally, most end-user participants believed they were responsible for granting a permission request, and it was their choice to do so, a belief shared by many developer participants. Our findings have implications for improving the permission ecosystem for both developers and end-users.
... Cross-cultural studies are positioned as a crucial theme in the field of cybersecurity because culture directly impacts security-related phenomena [41]. Recently, many rec 2022 Information Processing Society of Japan searchers have conducted a variety of cross-cultural security studies, such as those on the security behavior intentions scale (Se-BIS) [42], generated passwords [43], smartphone unlocking [44], and account security incident response [45]. Some of these crosscultural studies adopted Hofstede's cultural dimensions [46] to interpret the observed differences in security behavior by linking them to the national characteristics, such as the individualismcollectivism dimension [45]. ...
... However, in addition to language, cultural differences may have influenced the results of this study. Sawaya et al. [42] and Harbach et al. [44] examined "active" attitudes for the secure use of devices or services (e.g., updating software, strengthening passwords, and locking smartphones) and reported that the Japanese participants exhibited less secure behavior compared with participants from other countries. We cannot conclude that those results are inconsistent with our result indicating that Japanese participants are less likely to engage in security-risk-prone behavior, as shown in Table 4. People's behavior may vary depending on the context, thus our work focused on revealing behavioral tendencies in the context of phishing email. ...
Article
Phishing, a form of online fraud, remains a huge cybersecurity threat. Recent research in cybersecurity and risk management revealed the possibility that non-native speakers of the language used in phishing emails are more susceptible to such attacks. Although many studies have focused on the behaviors that native English speakers use to avoid phishing attacks, little is known about the behaviors of non-native speakers. Therefore, we conducted an online survey with 862 non-native English speakers (284 Germans, 276 South Koreans, and 302 Japanese). We showed that non-native English speakers are regularly exposed to English phishing emails. Through our scenario-based roleplay task, we found that participants, especially those who lacked confidence in English, had a higher tendency to ignore English emails without careful inspection than emails in their native languages. Furthermore, both the German and South Korean participants generally followed the instructions in the email in their native languages without careful inspection. Finally, our qualitative analysis revealed five main concerns in identifying English phishing emails: difficulty understanding email content, difficulty identifying errors and unnatural language, unfamiliarity with phishing emails, decreased attention, and difficulty finding similar cases. These findings highlight the importance of providing non-native speakers with specific anti-phishing interventions that differ from those for native speakers.
... The cybersecurity behavior of the students was measured in order to find the behavioral change due to the training intervention. We made use of Security Behavior Intention Scale (SeBIS) ( Sawaya et al., 2017 ) which is a self-report measure of security behavioral intention. We adopted the scale from ( Sawaya et al., 2017 ) which consists of 16 items. ...
... We made use of Security Behavior Intention Scale (SeBIS) ( Sawaya et al., 2017 ) which is a self-report measure of security behavioral intention. We adopted the scale from ( Sawaya et al., 2017 ) which consists of 16 items. It contains 4 subscales namely 1) Device Securement, 2) Password Generation, 3) Proactive Awareness and 4) Updating Behavior. ...
Article
Context Cybersecurity behavioral literature has a significant number of studies on training and awareness. However, there is lack of theoretical lens in developing intervention to allow for positive behavioral change and evaluating them. The evaluation of theory based cybersecurity training warrants the use of program evaluation techniques. Objective The protection motivation theory (PMT) was employed to understand the behavioral change after the implementation of cybersecurity training. The evaluation was done on three levels of Kirkpatrick's evaluation model – reaction, learning and behavior. Method A pre-post quasi experimental design was adopted in this research. A total of 154 undergraduate students from computing and digital arts backgrounds took part in the research. Results The results of the study showed that the PMT based training was effective in increasing the threat knowledge of the students along with the increase in information of countermeasure strategies. From the two components of the PMT, self-efficacy was found to be the significant predictor of the cybersecurity behavioral intention in both pre-test and post-test PMT models. The cybersecurity training increased the self-efficacy of the students significantly and contributed towards cybersecurity behavioral intention change. The findings of this study imply that in designing the cybersecurity trainings, educators should dominantly take into account the self-efficacy component of the PMT.
... Furthermore, existing literature has conducted cross-national ISA research, which discovered that more secure cybersecurity behaviour was, to some extent, related to a country's higher GDP or better development, while the results were constantly changing. [42,43]. ...
... An important methodological implication for the future was that, with readily available gures of national education level, the year level (education level) and length of time at work (SEL) were quanti able measures, similar to existing cross-national ndings (e.g., [22,42,43]. As a result, it addresses the issue that GDP and nationality are inconsistent predictors of national ISA. ...
Preprint
Full-text available
During the pandemic, the prevailing online learning has brought tremendous benefits to the education fields, however, it has also become a target for cybercriminals. Cybersecurity awareness (CSA) or Internet security awareness (ISA) in the education sector turns out to be critical to mitigating cybersecurity risks. However, previous research indicated that using education level alone to judge CSA level received inconsistent results. This study postulated Social Educational Level (SEL) as a moderator with an extended Knowledge- Attitude-Behaviour (KAB) model, used students’ year level as a proxy for the impact of education level, used work exposure for the influence of social education level, to compare CSA among undergraduates, postgraduates and working graduates. The participants in the study were divided into six groups, namely Year 1 university students, Year 2-3university students, final year students, postgraduate students and young working graduates, and experienced working graduates. Human Aspects of Information Security Questionnaire (HAIS-Q) was used to conduct a large-scale survey. The Multivariate regression model analysis showed significant differences among the knowledge, attitude and behaviour dimensions across groups with different conditions of year level and work exposure. However, it was found that SEL played a more significant role than an individual’s education level. The study suggested that a greater endeavour be committed to educating the public at large together with individuals, institutes, corporate and governments to improve the national CSA level.
... For this reason and others, many studies have hypothesized personal and social factors that affect behavioural decisions, such as age (Cain et al., 2018), gender (Chaudhary et al., 2015), self-efficacy (Choi et al., 2013), stress level (McCormac et al., 2018, cultural beliefs (Wiley et al., 2020) and work environment (Hadlington and Parsons, 2017); these studies focus on behavioural differences at an individual or interpersonal level in a confined context. Other studies examine cybersecurity differences from a cross-national perspective (Berki et al. 2017;Chen & Zahedi, 2016;Sawaya et al., 2017, Zwilling et al., 2020. To name but a few, Berki et al. (2017) investigated cloud services security knowledge, attitude and usage of higher institute students from Greece, Finland, Nepal, the UK and China. ...
... Along the same vein, the proposed model opens up possibilities for more convenient and accurate cross-national comparisons. It fits existing cross-national findings well (e.g., Berki et al., 2017;Sawaya et al., 2017;Chen & Zahedi, 2016;Zwilling et al., 2020) and can explain why GDP and nationality may fail to predict national ISA consistently. ...
Article
Full-text available
Recent studies on the pandemic have focused on the DOs and DON’Ts of recovery remedies, but few have investigated the pandemic-spawned fundamental internal problems of the enterprises in order to diminish the impacts of the mega-crisis and relieve the need for recovery efforts. It is incontestable that employees are one of the major victims of the pandemic crisis; their negative emotions caused by the increasing career and financial instability have heightened the challenges of their enterprises that are striking for survival. This research has identified a breakthrough that extends the effect of CSR efforts from the traditional societal focus to internal employees, to whom CSR is found to mediate the undesirable escape habits and anti-crisis behaviours resulted from crises. This strengthens the understanding and value of CSR, while presents management with a novel mixed strategy to stabilize employee emotions and assemble their competence to get through a crisis.
... For this reason and others, many studies have hypothesized personal and social factors that affect behavioural decisions, such as age (Cain et al., 2018), gender (Chaudhary et al., 2015), self-efficacy (Choi et al., 2013), stress level (McCormac et al., 2018, cultural beliefs (Wiley et al., 2020) and work environment (Hadlington and Parsons, 2017); these studies focus on behavioural differences at an individual or interpersonal level in a confined context. Other studies examine cybersecurity differences from a cross-national perspective (Berki et al. 2017;Chen & Zahedi, 2016;Sawaya et al., 2017, Zwilling et al., 2020. To name but a few, Berki et al. (2017) investigated cloud services security knowledge, attitude and usage of higher institute students from Greece, Finland, Nepal, the UK and China. ...
... Along the same vein, the proposed model opens up possibilities for more convenient and accurate cross-national comparisons. It fits existing cross-national findings well (e.g., Berki et al., 2017;Sawaya et al., 2017;Chen & Zahedi, 2016;Zwilling et al., 2020) and can explain why GDP and nationality may fail to predict national ISA consistently. ...
Article
Full-text available
A multitude of studies have suggested potential factors that influence internet security awareness (ISA). Some, for example, used GDP and nationality to explain different ISA levels in other countries but yielded inconsistent results. This study proposed an extended knowledge-attitude-behaviour (KAB) model, which postulates an influence of the education level of society at large is a moderator to the relationship between knowledge and attitude. Using exposure to a full-time working environment as a proxy for the influence, it was hypothesized that significant differences would be found in the attitude and behaviour dimensions across groups with different conditions of exposure and that exposure to full-time work plays a moderating role in KAB. To test the hypotheses, a large-scale survey adopting the Human Aspects of Information Security Questionnaire (HAIS-Q) was conducted with three groups of participants, namely 852 Year 1–3 students, 325 final-year students (age = 18–25) and 475 full-time employees (age = 18–50) in two cities of China. MANOVA and subsequent PROCESS regression analyses found a significant negative moderating effect of work exposure, which confirmed the proposed model. However, the effect was more pervasive than expected and moderation was found in the interaction between work exposure and all three ISA dimensions. The social influence does not only reshape the cybersecurity attitude of the highly educated, but also knowledge and behaviour. Findings contribute theoretically, methodologically and practically, offering novel perspectives on ISA research and prompting new strategies to respond to human factors.
... The full questionnaire can be accessed online. 2 Recruitment and data collection. We decided to partner with Qualtrics, a reputable panel provider also used in prior work [10,49], for our recruitment. We targeted our survey to individuals 18 years or older whose country of origin and current residence is one of the following: Bangladesh, India, Pakistan, and the United States. ...
... In financial decision-making, overconfidence can lead to increased risk-taking and sensation-seeking behaviours (Stotz & von Nitzsch, 2005;Grinblatt & Keloharju, 2009), and has been tied to the destruction of company value (Ahmed & Duellman, 2013). Overconfidence is also a feature of increased risk taking in the sharing of sensitive information over the internet (Sawaya et al., 2017). Within the political spectrum, individuals holding radical beliefs have been shown to exhibit lower metacognitive accuracy, suggesting a role of metacognitive failure in extreme polarisation (Rollwage et al., 2018). ...
Preprint
[Now published in Journal of Experimental Psychology General: https://psycnet.apa.org/record/2025-56868-001] Metacognition provides control and oversight to the process of acquiring and using knowledge. Efficient metacognition is essential to many aspects of daily life, from health care to finance and education. Across three experiments, we found a specific form of curiosity in humans about the quality of their own metacognition, using a novel approach that dissociates perceptual from metacognitive information searches. Observers displayed a strategic balance in their curiosity, alternating between a focus on perceptual accuracy and metacognitive performance. Depending on the context, this metacognitive curiosity was modulated by an internal evaluation of metacognition, leading to increased feedback requests when metacognition was likely to be inaccurate. Using an ideal observer model, we describe how this curiosity trade-off can arise naturally from a recursive evaluation and transformation of decisions’ evidence. These results show that individuals are inherently curious about their metacognitive abilities and can compare perceptual and metacognitive precision to fine-tune performance monitoring. We propose that this form of curiosity may reflect humans’ drive to refine their self-model.
... However, these theories have been used to investigate healthcare staff 's security behavior in developed countries. Prior studies (Ndibwile & Luhanga, 2018;Sawaya et al., 2017) indicated that security behavior differs across developing and developed nations due to motivation and decision-making. As a result, validating the idea in developing nations such as Indonesia is still required. ...
Article
Full-text available
Aim/Purpose: This study analyzes health professionals’ information security behavior (ISB) as health information system (HIS) users concerning associated information security controls and risks established in a public hospital. This work measures ISB using a complete measuring scale and explains the relevant influential factors from the perspectives of Protection Motivation Theory (PMT) and General Deterrence Theory (GDT) Background: Internal users are the primary source of security concerns in hospitals, with malware and social engineering becoming common attack vectors in the health industry. This study focuses on HIS user behavior in developing countries with limited information security policies and resources. Methodology: The research was carried out in three stages. First, a semi-structured interview was conducted with three hospital administrators in charge of HIS implementation to investigate information security controls and threats. Second, a survey of 144 HIS users to determine ISB based on hospital security risk. Third, a semi-structured interview was conducted with 11 HIS users to discuss the elements influencing behavior and current information security implementation. Contribution: This study contributes to ISB practices in hospitals. It discusses how HIS managers could build information security programs to enhance health professionals’ behavior by considering PMT and GDT elements. Findings: According to the findings of this study, the hospital has implemented particular information security management system (ISMS) controls based on international standards, but there is still room for improvement. Insiders are the most prevalent information security dangers discovered, with certain working practices requiring HIS users to disclose passwords with others. The top three most common ISBs HIS users practice include appropriately disposing of printouts, validating link sources, and using a password to unlock the device. Meanwhile, the top three least commonly seen ISBs include transferring sensitive information online, leaving a password in an unsupervised area, and revealing sensitive information via social media. Recommendations for Practitioners: Hospital managers should create work practices that align with information security requirements. HIS managers should provide incentives to improve workers’ perceptions of the benefit of robust information security measures. Recommendation for Researchers: This study suggests more research into the components that influence ISB utilizing diverse theoretical foundations such as Regulatory Focus Theory to compare preventive and promotion motivation to enhance ISB. Impact on Society: This study can potentially improve information security in the healthcare industry, which has substantial risks to human life but still lags behind other vital sector implementations. Future Research: Future research could look into the best content and format for an information security education and training program to promote the behaviors of healthcare professionals that need to be improved based on this ISB measurement and other influential factors.
... Sawaya et al. surveyed 3,500 online users from seven countries using the Security Behavior Intention Scale (SeBIS), testing the effectiveness of common security defenses with a special focus on cultural implications. People from Asian countries, particularly Japan, for example, exhibited less safe behavior [13]. ...
Chapter
Full-text available
In the midst of the COVID-19 pandemic, the employment and education sectors have shifted significantly toward online platforms. However, the increased reliance on these digital spaces has raised concerns about personal security information. Scholars have taken note of this issue and have explored its implications, with some employing the extended knowledge, attitude, and behavior (KAB) model to investigate the moderating effects of societal education level on the relationship between knowledge and attitude. Hong et al. [1] conducted a study to examine undergraduates’ KAB regarding personal data sharing in Chinese higher education institutions during the pandemic. Using a questionnaire, the study recruited 156 participants from three universities in West and East China. Using SPSS 23.0, data analysis revealed a widespread lack of awareness, a positive attitude, and proper behavior among college students regarding online personal information leakage during the pandemic. Notably, disparities were observed in KAB among students of different grades, majors, and genders. Students in their sophomore, junior, and senior years were found to be more concerned than freshmen about the availability of their personal information online; what’s more, science majors were more concerned than students of other majors. There appear to be significant gender differences in personal information sharing, ie., males are more concerned about the security of personal information online than females. Through this study, we aim to emphasize that college students’ awareness of personal information protection needs to be improved and suggest that university administrators and policymakers increase information security training. The findings of this study contribute to the theoretical and practical efforts to improve information security in higher education. Future studies should broaden the survey sample and examine the primary factors that influence college students’ KAB of personal information security to ensure the generalization of findings.
... Research has established certain smartphone information security behaviours such as locking smartphones to be used less likely by the participants from Asia (Sawaya et al., 2017). Other studies have found that the native languages and the ethnic background of participants influence the adoption of secure mechanisms (Parker et al., 2015). ...
... Attitudes [2][3][4][5][6]11,14,16,20,21,25,30,34,36,[42][43][44][45]47,[50][51][52]58,62,[66][67][68]76,78,80,83,88,97,98,103,104,[108][109][110]112,[123][124][125][126]128,[130][131][132]134,136,138,140,142,143,[146][147][148][149]153,154,158,167,170,173,175,177,183,190,192,[195][196][197]199,200,202,205,211,218,221,227,228,230] 83 (66%) ...
Preprint
Full-text available
Gender is a hot topic in the field of human-computer interaction (HCI). Work has run the gamut, from assessing how we embed gender in our computational creations to correcting systemic sexism, online and off. While gender is often framed around women and femininities, we must recognize the genderful nature of humanity, acknowledge the evasiveness of men and masculinities, and avoid burdening women and genderful folk as the central actors and targets of change. Indeed, critical voices have called for a shift in focus to masculinities, not only in terms of privilege, power, and patriarchal harms, but also participation, plurality, and transformation. To this end, I present a 30-year history of masculinities in HCI work through a scoping review of 126 papers published to the ACM Human Factors in Computing Systems (CHI) conference proceedings. I offer a primer and agenda grounded in the CHI and extant literatures to direct future work.
... In literature, there are a number of studies that have been carried out to gauge computer security of individuals. These studies involved individuals employed in various organizations (Cain et al. 2018) from different countries (Pattinson et al. 2015;McCormac et al. 2017;Sawaya et al. 2017). ...
Article
Full-text available
In developing countries, increased reliance on cyberspace for carrying out educational activities has implications for cybersecurity threats. In the light of stratification model of diffusion of technologies, socioeconomic and digital disparities are reproduced in the use of digital knowledge and skills. Cybersecurity is a digital skill that is affected by socioeconomic and digital inequalities; specifically in the developing nations. With lack of digital divide’s empirical evidence in terms of cybersecurity, this study employs a face-to-face survey to understand the computer and smartphone security practices of students enrolled in higher education institutes (HEIs) across Pakistan. A multi-stage stratified sampling technique was used to recruit a sample of 758 participants located in socioeconomically and geographically diverse cities in the country. Analysis was carried out using descriptive and Pearson’s Chi-square statistics. The results show lax cybersecurity behavior of students both on computer and smartphone devices. Significant differences were found in the cybersecurity practices of students in terms of socioeconomic and digital divide variables. This highlights that the individuals with lower socioeconomic status and who are digitally less connected are at a greater risk of falling victims to cyber-threats. The implications of the study state to impart tailored cybersecurity trainings with respect to digital divide and socioeconomic status of the students.
... Attitudes [2][3][4][5][6]11,14,16,20,21,25,30,34,36,[42][43][44][45]47,[50][51][52]58,62,[66][67][68]76,78,80,83,88,97,98,103,104,[108][109][110]112,[123][124][125][126]128,[130][131][132]134,136,138,140,142,143,[146][147][148][149]153,154,158,167,170,173,175,177,183,190,192,[195][196][197]199,200,202,205,211,218,221,227,228,230] 83 (66%) ...
Conference Paper
Full-text available
Gender is a hot topic in the field of human-computer interaction (HCI). Work has run the gamut, from assessing how we embed gender in our computational creations to correcting systemic sexism, online and off. While gender is often framed around women and femininities, we must recognize the genderful nature of humanity, acknowledge the evasiveness of men and masculinities, and avoid burdening women and genderful folk as the central actors and targets of change. Indeed, critical voices have called for a shift in focus to masculinities, not only in terms of privilege, power, and patriarchal harms, but also participation, plurality, and transformation. To this end, I present a 30-year history of masculinities in HCI work through a scoping review of 126 papers published to the ACM Human Factors in Computing Systems (CHI) conference proceedings. I offer a primer and agenda grounded in the CHI and extant literatures to direct future work.
... Ahmed et al.'s investigation focuses on a low or middle income country and privacy in the context of smartphones repairs only. There are considerable differences between high and low income countries when it comes to the use of technology [41], [44], [53] and privacy expectations and regulations [2], [31]. With the media coverage and subsequent promises from some service providers in the US [4], [5], in addition to measuring customers' perceptions, it is important to understand the existence and communication of policies and controls to protect customers' privacy. ...
Preprint
Full-text available
Electronics repair and service providers offer a range of services to computing device owners across North America -- from software installation to hardware repair. Device owners obtain these services and leave their device along with their access credentials at the mercy of technicians, which leads to privacy concerns for owners' personal data. We conduct a comprehensive four-part study to measure the state of privacy in the electronics repair industry. First, through a field study with 18 service providers, we uncover that most service providers do not have any privacy policy or controls to safeguard device owners' personal data from snooping by technicians. Second, we drop rigged devices for repair at 16 service providers and collect data on widespread privacy violations by technicians, including snooping on personal data, copying data off the device, and removing tracks of snooping activities. Third, we conduct an online survey (n=112) to collect data on customers' experiences when getting devices repaired. Fourth, we invite a subset of survey respondents (n=30) for semi-structured interviews to establish a deeper understanding of their experiences and identify potential solutions to curtail privacy violations by technicians. We apply our findings to discuss possible controls and actions different stakeholders and regulatory agencies should take to improve the state of privacy in the repair industry.
... Despite these criticisms, it is widely used to understand interactions with and design considerations for technology, for example, it has been employed to analyze cultural differences in mobile service design [18] and well as security behaviour [63]. It has also been extensively validated [38] and used to understand how fairness is culturally dependent [11,12,28,42,54,57,65]. ...
Article
Ensuring fairness in artificial intelligence (AI) is important to counteract bias and discrimination in far-reaching applications. Recent work has started to investigate how humans judge fairness and how to support machine learning experts in making their AI models fairer. Drawing inspiration from an Explainable AI approach called explanatory debugging used in interactive machine learning, our work explores designing interpretable and interactive human-in-the-loop interfaces that allow ordinary end-users without any technical or domain background to identify potential fairness issues and possibly fix them in the context of loan decisions. Through workshops with end-users, we co-designed and implemented a prototype system that allowed end-users to see why predictions were made, and then to change weights on features to “debug” fairness issues. We evaluated the use of this prototype system through an online study. To investigate the implications of diverse human values about fairness around the globe, we also explored how cultural dimensions might play a role in using this prototype. Our results contribute to the design of interfaces to allow end-users to be involved in judging and addressing AI fairness through a human-in-the-loop approach.
... Despite these criticisms, it is widely used to understand interactions with and design considerations for technology, for example, it has been employed to analyze cultural differences in mobile service design [18] and well as security behaviour [62]. It has also been extensively validated [38] and used to understand how fairness is culturally dependent [11,12,28,42,53,56,64]. ...
Preprint
Ensuring fairness in artificial intelligence (AI) is important to counteract bias and discrimination in far-reaching applications. Recent work has started to investigate how humans judge fairness and how to support machine learning (ML) experts in making their AI models fairer. Drawing inspiration from an Explainable AI (XAI) approach called \emph{explanatory debugging} used in interactive machine learning, our work explores designing interpretable and interactive human-in-the-loop interfaces that allow ordinary end-users without any technical or domain background to identify potential fairness issues and possibly fix them in the context of loan decisions. Through workshops with end-users, we co-designed and implemented a prototype system that allowed end-users to see why predictions were made, and then to change weights on features to "debug" fairness issues. We evaluated the use of this prototype system through an online study. To investigate the implications of diverse human values about fairness around the globe, we also explored how cultural dimensions might play a role in using this prototype. Our results contribute to the design of interfaces to allow end-users to be involved in judging and addressing AI fairness through a human-in-the-loop approach.
... Security Behavior. We used the Security Behavior Intentions Scale (SeBIS) [18], which is a standard measurement tool for end-user security behavior intentions [17,19,73] and captures actual security behavior [17]. The SeBIS questionnaire contains four subscales: device securement, password generation, proactive awareness, and updating. ...
Article
Full-text available
Peer support is a powerful tool in improving the digital literacy of older adults. However, while existing literature investigated reactive support, this paper examines proactive support for mobile safety. To predict moments that users need support, we conducted a user study to measure the severity of mobile scenarios (n=300) and users' attitudes toward receiving support in a specific interaction around safety on a mobile device (n=150). We compared classification methods and showed that the random forest method produces better performance than other regression models. We show that user anxiety, openness to social support, self-efficacy, and security awareness are important factors to predict willingness to receive support. We also explore various age variations in the training sample on moments users need support prediction. We find that training on the youngest population produces inferior results for older adults, and training on the aging population produces poor outcomes for young adults. We illustrate that the composition of age can affect how the sample impacts model performance. We conclude the paper by discussing how our findings can be used to design feasible proactive support applications to provide support at the right moment.
... If one wants to be a little more modest and just explore which moral values are relevant to cybersecurity, then one might examine the relevant scholarly debates to see which moral values are explicitly mentioned there (e.g. Kruger et al. 2011;Sawaya et al. 2017). However, it must be clear that this is an inescapably narrow perspective, as it does not take into account the various political or ideological attitudes towards the relationship between cybersecurity and ethics, which shape the ways cybersecurity is dealt with. ...
Chapter
The text aims to demonstrate that establishing cybersecurity is not only a technical challenge, but that legal, economic, or organizational aspects also play at least as important a role. The provision of cybersecurity raises ethical questions, since cybersecurity can affect moral values such as autonomy, freedom, or privacy. If measurements necessary for the provision of cybersecurity shall be accepted, it is essential to find a balance between the different claims of all stakeholders involved. This aim is achieved through a detailed ethical analysis accompanied by an extensive literature study. As the most important result of this analysis, it becomes obvious that cybersecurity is in competition or even conflict with other values and interests, and that establishing cybersecurity always involves a trade-off. Not only can there be no 100 percent cybersecurity for technical reasons, but if other values and interests are to be considered, this inevitably leads to compromises in cybersecurity.
... We observe that this is may be a similar phenomenon to past results which found that MTurk workers are more certain about what information is available about them online [31]. This level of confidence may be quite relevant to the properties of online survey respondents, since past work such as Sawaya et al. [50] found that confidence is a better predictor of security behaviors than actual knowledge. ...
Preprint
Full-text available
Security and privacy researchers often rely on data collected through online crowdsourcing platforms such as Amazon Mechanical Turk (MTurk) and Prolific. Prior work -- which used data collected in the United States between 2013 and 2017 -- found that MTurk responses regarding security and privacy were generally representative for people under 50 or with some college education. However, the landscape of online crowdsourcing has changed significantly over the last five years, with the rise of Prolific as a major platform and the increasing presence of bots. This work attempts to replicate the prior results about the external validity of online privacy and security surveys. We conduct an online survey on MTurk (n=800), a gender-balanced survey on Prolific (n=800), and a representative survey on Prolific (n=800) and compare the responses to a probabilistic survey conducted by the Pew Research Center (n=4272). We find that MTurk responses are no longer representative of the U.S. population, even when responses that fail attention check questions or CAPTCHAs are excluded. Data collected through Prolific is generally representative for questions about user perceptions and experience, but not for questions about security and privacy knowledge. We also evaluate the impact of Prolific settings (e.g., gender-balanced sample vs. representative sample), various attention check questions, and statistical methods on the external validity of surveys conducted through Prolific, and we develop recommendations about best practices for conducting online privacy and security surveys.
Chapter
A thorough understanding of usable privacy research challenges is essential for ensuring high-quality research, improving methods and avoiding repeating mistakes, identifying research gap fillers, and advancing the field. In this chapter, we will examine some of the challenges associated with conducting usable privacy studies, such as the challenges of encompassing a variety of users, conflicting privacy and usability goals, privacy as a secondary objective, the privacy paradox, and issues related to measuring the right thing, the difficulty of conducting ecologically valid studies, and ethical and legal issues such as ethics of nudge and deception when conducting this type of research. We will further discuss the Human-Computer Interaction (HCI) challenges related to privacy technologies including the challenge of educating users on how privacy-enhancing technologies work and how to make online privacy transparent considering the effects of different factors such as information level, time, and medium through which we communicate to users that all play an important role in determining the effectiveness of transparency in protecting users’ privacy. This chapter concludes by discussing some specific HCI challenges associated with privacy laws, such as discrepancies between what privacy laws require and what users need and problems regarding notice and choice.
Chapter
Some users (“Help recipients”) delegate necessary security actions to their family, friends, or others close to them. It is important to be able to take appropriate defensive actions against security threats by themselves when help is not available from neighbors (“Helpers”). In this paper, we interviewed 9 users who used to be Help recipients, but who have now started to take security actions by themselves. We investigated the reason why Help recipients delegated their security actions to Helpers and the human factors that have an impact when one takes security actions by oneself. As a result, Help recipients take their own security actions when they try new hobbies or feel a sense of ownership. Based on these findings, we classify Help recipients into four groups and propose an optimized system that shows security action lists according to user situation. These findings are useful when providing appropriate intervention for Help recipients.
Article
Previous studies on applying the framing effects to cybersecurity nudges have shown that slight wording adjustments can predictably alter users’ security and privacy preferences. However, the applications mostly focus on the Reference-dependent preference, whereas limited information is available about another important embodiment, the Pseudo-certainty effect. In addition, it is also suggested that the framing effects are sensitive to the context, whereas known contributing contextual factors are limited. To solve the problems, we examine framing effects in cybersecurity in depth by designing two framing nudges based on the Pseudo-certainty effect and exploring their interactions with a contextual factor, timing. A between-subjects field experiment with 182 participants was conducted on a self-developed game to investigate the effectiveness of the framing nudges and timing in improving online game security. The participants were prompted to decide whether to set a game password. The results indicate that the framing of security warnings significantly affects users’ security decisions and behaviors, although their effects are moderated by the timing at which the warnings are presented. Finally, we conclude with practical security warning design implications.
Chapter
Solove (2006) states that privacy cannot be considered independently from society, as “a need for privacy is a socially created need”. Privacy is a challenging, vague and multifaceted concept, however, for decades researchers from social, psychological and computer science disciplines were focused on various aspects of privacy interpretation and conceptualisation. Altman (1977) tackles privacy as behavioural mechanisms used to regulate desired levels of privacy that occurs in all cultures. Altman defines privacy functions as: management of social interaction; establishment of plans and strategies for interacting with others; and development and maintenance of self-identity.
Chapter
Grounded on the design science research process and the literature review of the existing body of knowledge, the current and own research contribution was framed into a model as displayed in Fig. 3.1. A broad research framework was developed that identified the critical variables for measurements derived from various and existing privacy frameworks.Conceptual model of the existing research and own contribution
Article
Users are encouraged to adopt a wide array of technologies and behaviors to reduce their security risk. However, the adoption of these "best practices," ranging from the use of antivirus products to keeping software updated, is not well understood, nor is their practical impact on security risk well established. To explore these issues, we conducted a large-scale measurement of 15,000 computers over six months. We use passive monitoring to infer and characterize the prevalence of various security practices as well as a range of other potentially security-relevant behaviors. We then explore the extent to which differences in key security behaviors impact the real-world outcomes (i.e., that a device shows clear evidence of having been compromised).
Article
Since personalization was introduced to security nudges, several approaches using the correlations between the General Decision-Making Styles (GDMS) and nudge effects have been proposed. However, the GDMS-based schemes do not apply to real systems well since it is challenging, if not impossible, to obtain the GDMS without psychological scales. Instead, we propose a practical scheme that leverages users’ system-use behaviors to personalize security nudges. To verify the effectiveness of the developed scheme, we analyze the data collected through two between-subjects lab experiments (N1 = 312, N2 = 696). By comparing the efficacy of the behavior-based and the GDMS-based approaches, we find that the behaviors outperform the GDMS in accurately predicting nudge effects, and more importantly, the behavior-based personalization scheme is comparably effective and more robust in improving nudge effects. This confirms that the behavior-based framework can be a practical and promising solution when implementing personalized nudge schemes to improve security behaviors.
Chapter
Full-text available
This chapter introduces relevant privacy frameworks from academic literature that can be useful to practitioners and researchers who want to better understand privacy and how to apply it in their own contexts. We retrace the history of how networked privacy research first began by focusing on privacy as information disclosure. Privacy frameworks have since evolved into conceptualizing privacy as a process of interpersonal boundary regulation, appropriate information flows, design-based frameworks, and, finally, user-centered privacy that accounts for individual differences. These frameworks can be used to identify privacy needs and violations, as well as inform design. This chapter provides actionable guidelines for how these different frameworks can be applied in research, design, and product development.
Chapter
Full-text available
This chapter studies the relationship between two important, often conflicting paradigms of online services: personalization and tracking. The chapter initially focuses on the categories and levels of online personalization, briefly overviewing algorithmic methods applied to achieve these. Then, the chapter turns to online tracking specific to mobile and web technologies, as well as the more advanced behavioral tracking. Following this, the chapter ties the streams of personalization and tracking together and discusses various aspects of their relationships, including the currently deployed tracking methods for personalization. Privacy implications of personalization via online tracking, highlighted by organizations and researchers, are also illustrated. Lastly, this chapter discusses the ways to balance personalization benefits and privacy concerns. This includes the state-of-the-art practices, current challenges, and practical recommendations for system developers willing to strike this balance.
Chapter
Full-text available
End-user privacy mechanisms have proliferated in various types of devices and application domains. However, these mechanisms were often designed without adequately considering a wide range of underserved users, for instance, people with disabilities. In this chapter, we focus on the intersection of accessibility and privacy, paying particular attention to the privacy needs and challenges of people with disabilities. The key takeaway messages of this chapter are as follows: (1) people with disabilities face heightened challenges in managing their privacy; (2) existing end-user privacy tools are often inaccessible to people with disabilities, making them more vulnerable to privacy threats; and (3) design guidelines are needed for creating more accessible privacy tools.
Conference Paper
Full-text available
We present the results of an online survey of smartphone unlocking (N=8,286) that we conducted in eight different countries. The goal was to investigate differences in attitudes towards smartphone unlocking between different national cultures. Our results show that there are indeed significant differences across a range of categories. For instance, participants in Japan considered the data on their smartphones to be much more sensitive than those in other countries, and respondents in Germany were 4.5 times more likely than others to say that protecting data on their smartphones was important. The results of this study shed light on how motivations to use various security mechanisms are likely to differ from country to country.
Conference Paper
Full-text available
While individual differences in decision-making have been examined within the social sciences for several decades, they have only recently begun to be applied by computer scientists to examine privacy and security attitudes (and ultimately behaviors). Specifically, several researchers have shown how different online privacy decisions are correlated with the "Big Five" personality traits. In this paper, we show that the five factor model is actually a weak predictor of privacy attitudes, and that other well-studied individual differences in the psychology literature are much stronger predictors. Based on this result, we introduce the new paradigm of psychographic targeting of privacy and security mitigations: we believe that the next frontier in privacy and security research will be to tailor mitigations to users' individual differences. We explore the extensive work on choice architecture and "nudges," and discuss the possible ways it could be leveraged to improve security outcomes by personalizing privacy and security mitigations to specific user traits.
Conference Paper
Full-text available
Despite the plethora of security advice and online education materials offered to end-users, there exists no standard measurement tool for end-user security behaviors. We present the creation of such a tool. We surveyed the most common computer security advice that experts offer to end-users in order to construct a set of Likert scale questions to probe the extent to which respondents claim to follow this advice. Using these questions, we iteratively surveyed a pool of 3,619 computer users to refine our question set such that each question was applicable to a large percentage of the population, exhibited adequate variance between respondents, and had high reliability (i.e., desirable psychometric properties). After performing both exploratory and confirmatory factor analysis, we identified a 16-item scale consisting of four sub-scales that measures attitudes towards choosing passwords, device securement, staying up-to-date, and proactive awareness.
Article
Full-text available
Preparing students adequately against online-attacks is a constant teaching and learning challenge, no matter how many advanced security-related courses have been developed for higher education curricula worldwide. Recently emphasis has also been put on online identity theft and social awareness in general. The authors research the knowledge, skills and attitudes of future IT professionals, from a cross-cultural and gender perspective. The available data were collected from international students in Software Engineering and other IT related disciplines via a questionnaire. The processed data revealed that (i) students are not free of security misconceptions, which security education is called upon to address and (ii) courses about online security can be part of a strategy for increasing social awareness on privacy protection. This pilot survey also revealed that the following issues are crucial: (a) the cultural and gender dimensions, (b) personality traits and (c) teaching methodology and learning environment used for security education. The researchers specify strategic guidelines in higher education for timely privacy protection and citizens’ security. The information provided in this study will be practical and useful for curricula design and formal/informal learning practices. Hence, courses on security can be thought-provoking, interesting throughout the learning process and effective regarding the learning outcomes.
Article
Full-text available
Medical educators attempt to create reliable and valid tests and questionnaires in order to enhance the accuracy of their assessment and evaluations. Validity and reliability are two fundamental elements in the evaluation of a measurement instrument. Instruments can be conventional knowledge, skill or attitude tests, clinical simulations or survey questionnaires. Instruments can measure concepts, psychomotor skills or affective values. Validity is concerned with the extent to which an instrument measures what it is intended to measure. Reliability is concerned with the ability of an instrument to measure consistently.1 It should be noted that the reliability of an instrument is closely associated with its validity. An instrument cannot be valid unless it is reliable. However, the reliability of an instrument does not depend on its validity.2 It is possible to objectively measure the reliability of an instrument and in this paper we explain the meaning of Cronbach’s alpha, the most widely used objective measure of reliability.
Article
Full-text available
We examined the effectiveness of reverse worded items as a means of reducing or preventing response bias. We first distinguished between several types of response bias that are often confused in literature. We next developed arguments why reversing items is probably never a good way to address response bias. We proposed testing whether reverse wording affects response bias with item-level data from the Multidimensional Fatigue Inventory (MFI-20), an instrument that contains reversed worded items. With data from 700 respondents, we compared scores on items that were similar with respect either to content or to direction of wording. Psychometric properties of sets of these items worded in the same direction were compared with sets consisting of both straightforward and reversed worded items. We did not find evidence that ten reverse-worded items prevented response bias. Instead, the data suggest scores were contaminated by respondent inattention and confusion. Using twenty items, balanced for scoring direction, to assess fatigue did not prevent respondents from inattentive or acquiescent answering. Rather, fewer mistakes are made with a 10-item instrument with items posed in the same direction. Such a format is preferable for both epidemiological and clinical studies.
Article
Full-text available
Several studies ranked security and privacy to be major areas of concern and impediments of cloud adoption for companies, but none have looked into end-users' attitudes and practices. Not much is known about consumers' privacy beliefs and expectations for cloud storage, such as web-mail, document and photo sharing platforms, or about users' awareness of contractual terms and conditions. We conducted 36 in-depth interviews in Switzerland and India (two countries with different privacy perceptions and expectations); and followed up with an online survey with 402 participants in both countries. We study users' privacy attitudes and beliefs regarding their use of cloud storage systems. Our results show that privacy requirements for consumer cloud storage differ from those of companies. Users are less concerned about some issues, such as guaranteed deletion of data, country of storage and storage outsourcing, but are uncertain about using cloud storage. Our results further show that end-users consider the Internet intrinsically insecure and prefer local storage for sensitive data over cloud storage. However, users desire better security and are ready to pay for services that provide strong privacy guarantees. Participants had misconceptions about the rights and guarantees their cloud storage providers offers. For example, users believed that their provider is liable in case of data loss, does not have the right to view and modify user data, and cannot disable user accounts. Finally, our results show that cultural differences greatly influence user attitudes and beliefs, such as their willingness to store sensitive data in the cloud and their acceptance that law enforcement agencies monitor user accounts. We believe that these observations can help in improving users privacy in cloud storage systems.
Article
Full-text available
Geert Hofstede’s legendary national culture research is critiqued. Crucial assumptions which underlie his claim to have uncovered the secrets of entire national cultures are described and challenged. The plausibility of systematically causal national cultures is questioned.
Article
Full-text available
Few statistical measures are as highly respected by social scientists as is the coefficient of determination. R2 is an indispensable part of any serious research report and its sheer magnitude is often regarded as the most important indicator of the quality of a study. In this paper, I challenge this view and argue that in research aimed at the test of a theory, R 2 , whether big or small, is, in general, completely irrelevant. I maintain, moreover, that the common interpretation of R 2 as a measure of "explanatory power" is misleading, as is the belief that a high value of R 2 testifies that the "true" or "best" or "complete" model has been found. I also discuss the implications for research practice of the effect that the spread of the independent variable exerts on the coefficient of determination. "These measures of goodness of fit have a fatal attraction. Although it is generally conceded among insiders that they do not mean a thing, high values are still a source of pride and satisfaction to their authors, however hard they may try to conceal these feelings." (Cramer, 1987: 253) Few statistical measures are as highly respected by social scientists as is the coefficient of determination. R 2 is an indispensable part of any serious research report and its sheer magnitude is regarded by many as the most important indicator of the quality of a study. 1 The coefficient of determination, however, is not only among the most popular statistical measures; it is also among the ones that are most often used inappropriately. My aim in this paper is to discuss some of these misuses and to point out the limitations of R 2 .
Article
Full-text available
This study surveyed 1261 internet users from five cities (Bangalore, Seoul, Singapore, Sydney and New York) to examine multinational internet users' perceptions and behavioural responses concerning online privacy. It identified a set of individual-level (demographics and internet-related experiences) and macro-level factors (nationality and national culture), and tested the extent to which they affected online privacy concerns and privacy protection behaviours. The results showed that individual differences (age, gender and internet experience), nationality and national culture significantly influenced internet users' privacy concerns to the extent that older, female internet users from an individualistic culture were more concerned about online privacy than their counterparts. The study also identified three underlying dimensions of privacy protection behaviour — avoidance, opt-out and proactive protection — and found that they distinctly related to the individual and macro-level factors. Overall, the findings highlight the conditional and multicultural nature of online privacy.
Article
Full-text available
The paper offers a critical reading of Geert Hofstede's (1980) Culture's Consequences using an analytical strategy where the book is mirrored against itself and analyzed in terms of its own proposed value dimensions. "Mirroring" unravels the book's normative viewpoint and political subtext and exposes discursive interests in its research process. Making all this evident in the canonical book's own terms, this paper communicates critical concerns across paradigm boundaries. It indicates the need to reconsider concepts and convictions that predominate cross-cultural research and to adopt norms of reflexivity that transcend existing notions of "cultural relativism.".
Article
Full-text available
Periodic privacy studies are conducted in the United States; however, very little information is available about privacy in India. As US companies are major clients of Indian outsourcing busi-nesses, US businesses must rely on Indian companies to protect their personal information. To understand the privacy perceptions, aware-ness and concerns among people in India and in the US, we conducted an exploratory study in summer 2004. We used the "mental model" approach to conduct and analyze one-on-one interviews with 57 sub-jects in the US and India. Our analysis suggests that Indians and Americans have differing views or different levels of concern about privacy, and that Americans are more aware of privacy issues raised by new technologies.
Article
Full-text available
Internet privacy was the topic in this paper. A 2008 survey revealed that US Internet users' top three privacy concerns haven't changed since 2002, but privacy-related events might have influenced their level of concern within certain categories. The authors describe their results as well as the differences in privacy concerns between US and international respondents. They also mentioned that individuals have become more concerned about personalization in customized browsing experiences, monitored purchasing patterns, and targeted marketing and research.
Conference Paper
Full-text available
This paper introduces results of a study into the value of location privacy for individuals using mobile devices. We questioned a sample of over 1200 people from flve EU coun- tries, and used tools from experimental psychology and eco- nomics to extract from them the value they attach to their location data. We compare this value across national groups, gender and technical awareness, but also the perceived dif- ference between academic use and commercial exploitation. We provide some analysis of the self-selection bias of such a study, and look further at the valuation of location data over time using data from another experiment.
Conference Paper
Full-text available
The global expansion of the use of online communities, including social networking sites, necessitates a better understanding of how people self-disclose online, particularly in different cultures. In a scenario-based study of 1,064 respondents from the United States and China, we aimed to understand how self-disclosure is affected by communication mode (face-to-face vs. online), type of relationship and national culture. Our findings show that national culture interacts with communication mode and type of relationship to affect the extent of self-disclosure. Our analysis also suggests that peoples' disclosure depends on characteristics of the relationship, e.g., closeness and openness. Our results shed new light on how online communities might be designed for users in different cultures and for intercultural collaboration.
Conference Paper
Full-text available
While many cybersecurity tools are available to computer users, their default configurations often do not match needs of specific users. Since most modern users are not computer experts, they are often unable to customize these tools, thus getting either insufficient or excessive security. To address this problem, we are developing an automated assistant that learns security needs of the user and helps customize available tools.
Article
Full-text available
Introduction Careless employees, who do not follow information security policies, constitute a serious threat to their organization. We conducted a field survey in order to understand which factors help towards employees' compliance with these security policies. Our research shows that the visibility of the desired practices and normative expectations of peers will provide a solid foundation towards employees complying with these policies. Our research also shows that if employees realize how vulnerable their organization is to security threats and the severity of these threats, they are likely to have a strong intention to comply with information security policies. Finally, employees' self-efficacy and response efficacy motivate them to comply with these policies. This article provides an information security strategic plan that puts together various best practices we found in our survey and that shows how these practices can be used to alleviate employees' non-compliance with organizational security policies. Information security breaches can cause serious damage to organizations. Such breaches can harm irreparably by shutting down computers forcing businesses to loose potential revenues or by leaking corporate confidential information and customer data possibly making corporations vulnerable to legal and regulatory problems and bad publicity. 4,5 Most organizations encounter more than one information security breaches in a given year. ² Prior information security research studies suggest that 91% of organizations' own employees frequently fail to adhere to information security policies ² paving the way for such breaches. To tackle this situation, a number of suggestions have been made in the literature to help ensure employees' compliance with security policies. Commentators have, however, pointed out a serious of weaknesses in the existing approaches. They suggest that these approaches lack empirical evidence on their effectiveness in practice. Because practitioners need empirically validated information, it is extremely important that we study employees' non-compliance with information security policies using field research. In order to understand why employees are careless about following security policies and which factors are important toward employees' compliance with these policies, we conducted a field survey of information security professionals from five Finnish companies operating in different lines of business. The survey instrument was developed based on a theoretical model developed from behavioral theories including the Theory of Reasoned Action ¹ and the Protection Motivation Theory. ³ Since employees' compliance with information security policies is ultimately a psychological phenomenon; we find these theories useful in understanding how organizations can help their employees comply with these security policies. We show how these theories can be useful in offering a new and practical insight into what motivates employees to comply with these policies. Some 3130 employees from four Finnish corporations were asked to fill out a Web-based information security instrument. Of these, 919 filled out the questionnaire resulting in a 29.4% response rate. The demographic data, among the respondents, show that the number of male (56.1%) and female (43.1%) are fairly evenly distributed. In order to test our model, we analyzed the field survey responses using factor analysis and multiple regression analysis. All constructs were found to have an acceptable level of reliability and validity confirming soundness of the measuring instrument.
Article
Full-text available
Most measures of consumer behavior have been developed and employed in the United States. Thus, relatively little is known about the cross-cultural applicability of these measures. Using Richins and Dawson's (1992) Material Values Scale (MVS) as an exemplar, this article focuses on the problems researchers are likely to encounter when employing domestic mixed-worded scales (i.e., scales that contain both positive- and reverse-worded items) in cross-cultural applications. Through an initial study among over 800 adults from the United States, Singapore, Thailand, Japan, and Korea, we show that the cross-cultural measurement equivalence and construct validity of the MVS is challenged by its mixed-worded Likert format. Through a second study among approximately 400 Americans and East Asians, we find that other mixed-worded scales produce similar problems and that the cross-cultural applicability of such scales may be enhanced by replacing items posed as statements with items framed as questions. Copyright 2003 by the University of Chicago.
Article
Full-text available
Materialism was explored in twelve countries using qualitative data, measures of consumer desires, measures of perceived necessities, and adapted versions of the Belk (1985) materialism scales with student samples. The use of student samples and provisionary evidence for cross-cultural reliability and validity for the scales, make the quantitative results tentative, but they produced some interesting patterns that were also supported by the qualitative data. Romanians were found to be the most materialistic, followed by the U.S.A., New Zealand, Ukraine, Germany, and Turkey. These results suggest that materialism is neither unique to the West nor directly related to affluence, contrary to what has been assumed in prior treatments of the development of consumer culture.
Article
Full-text available
We investigate differences between Japanese and German/English and explain characteristic phenomena to Japanese. The study helps us to realize what can be problematic when translating Japanese into German/English and vice versa. Contents 1 Introduction 2 2 Japanese as a language 3 2.1 Lexical aspects . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 2.2 Grammatical aspects . . . . . . . . . . . . . . . . . . . . . . . . . 4 2.3 Pragmatic aspects . . . . . . . . . . . . . . . . . . . . . . . . . . 7 3 Lexical phenomena 9 3.1 Counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 3.2 Time expressions . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 3.3 Verbal honorifics . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 4 Grammatic phenomena 22 4.1 Suffixes to noun phrases . . . . . . . . . . . . . . . . . . . . . . . 22 4.2 Sentence constructions . . . . . . . . . . . . . . . . . . . . . . . . 30 5 Pragmatic phenomena 42 5.1 Viewpoint, hono...
Article
Full-text available
In this paper we present a cross-cultural comparison on users' perception on computer security issues, with a special emphasis on the notion of trust. The study was conducted by bringing together two previous approaches on trust: the user studies conducted previously in Finland were repeated in Sweden, with only slight alterations to account for national features, such as language and choice of national examples, in order to track down cultural variation in how users perceive trust in the electronic world. The outcome is a to-the-point description of when, where, and how the designer or system builder should take cultural issues into account when trying to convince an online shopper of his trustworthiness. Also, the checklist for the designer, presented as the outcome of the Finnish user study, is further elaborated and refined based on these new results. KEYWORDS: trust, culture, cross-cultural, globalization, usability, user interviews, computer security, BATE model 1. INTRODUCTION...
Conference Paper
Computer security problems often occur when there are disconnects between users' understanding of their role in computer security and what is expected of them. To help users make good security decisions more easily, we need insights into the challenges they face in their daily computer usage. We built and deployed the Security Behavior Observatory (SBO) to collect data on user behavior and machine configurations from participants' home computers. Combining SBO data with user interviews, this paper presents a qualitative study comparing users' attitudes, behaviors, and understanding of computer security to the actual states of their computers. Qualitative inductive thematic analysis of the interviews produced “engagement” as the overarching theme, whereby participants with greater engagement in computer security and maintenance did not necessarily have more secure computer states. Thus, user engagement alone may not be predictive of computer security. We identify several other themes that inform future directions for better design and research into security interventions. Our findings emphasize the need for better understanding of how users' computers get infected, so that we can more effectively design user-centered mitigations.
Conference Paper
Online Behavioral Advertising (OBA), which involves tracking people’s online behaviors, raises serious privacy concerns. We present results from a scenario-based online survey study on American and Chinese Internet users’ privacy preferences of OBA. Since privacy is context-dependent, we investigated the effects of country (US vs. China), activity (e.g., online shopping vs. online banking), and platform (desktop/laptop vs. mobile app) on people’s willingness to share their information for OBA. We found that American respondents were significantly less willing to share their data and had more specific concerns than their Chinese counterparts. We situate these differences in the broader historical, legal, and social scenes of these countries. We also found that respondents’ OBA preferences varied significantly across different online activities, suggesting the potential of context-aware privacy tools for OBA. However, we did not find a significant effect of platform on people’s OBA preferences. Lastly, we discuss design implications for privacy tools.
Conference Paper
The Security Behavior Intentions Scale (SeBIS) measures the computer security attitudes of end-users. Because intentions are a prerequisite for planned behavior, the scale could therefore be useful for predicting users' computer security behaviors. We performed three experiments to identify correlations between each of SeBIS's four sub-scales and relevant computer security behaviors. We found that testing high on the awareness sub-scale correlated with correctly identifying a phishing website; testing high on the passwords sub-scale correlated with creating passwords that could not be quickly cracked; testing high on the updating sub-scale correlated with applying software updates; and testing high on the securement sub-scale correlated with smartphone lock screen usage (e.g., PINs). Our results indicate that SeBIS predicts certain computer security behaviors and that it is a reliable and valid tool that should be used in future research.
Article
This paper examines the individual difference variables of materialism (as measured by Richins and Dawson 1992) and status consumption (as measured by Kilsheimer 1993) across three countries (U.S.A., Peoples Republic of China, and Mexico) of college students. The study addresses the reliability of the two constraints as well as the relationship between these two constructs within and between countries. The results suggest that status consumption and materialism are significantly different constructs in all three countries surveyed. Additionally, while there are statistically significant differences in the materialism levels across all three countries, there are no statistically significant differences in the level of status consumption for the American, Chinese, and Mexican consumers surveyed. This suggests that consuming for status has equal importance in all three countries. The implications for international Marketing Managers are suggested.
Article
The purpose for this analysis is to compare the results of two surveys, specifically the negatively worded questions vs. the positively worded questions, and to make recommendations for future surveys. Since the questionnaires were not designed for a comparison, there are many confounding issues in the analysis including context effects, length of the surveys, question wording, and order of the sections.
Article
‘This is an excellent book which introduces the underlying concepts and practical issues related to psychosocial measurement and scale development’ - Statistics in Medicine. Effective measurement is a cornerstone of scientific research. Yet many social science researchers lack the tools to develop appropriate assessment instruments for the measurement of latent social-psychological constructs. Scaling Procedures: Issues and Applications examines the issues involved in developing and validating multi-item self-report scales of latent constructs. Distinguished researchers and award-winning educators Richard G Netemeyer, William O Bearden, and Subhash Sharma present a four-step approach for multi-indicator scale development. With these steps, the authors include relevant empirical examples and a review of the concepts of dimensionality, reliability, and validity. Scaling Procedures: Issues and Applications supplies cutting-edge strategies for developing and refining measures. Providing concise chapter introductions and summaries, as well as numerous tables, figures, and exhibits, the authors present recommended steps and overlapping activities in a logical, sequential progression. Designed for graduate students in measurement//psychometrics, structural equation modeling, and survey research seminars across the social science disciplines, this book also addresses the needs of researchers and academics in all business, psychology, and sociology-related disciplines.
Article
A number of frameworks have been prescribed for online retailers, but still there exists little consensus regarding the amount of information and the level of customization needed to optimize customers’ satisfaction and their purchase intention, and thereby increase sales performance. Against this backdrop, this study aims to contribute to the current practical and theoretical discussions regarding the most effective ways to design and implement online retailers’ website features by empirically examining the interplay between information content and website personalization, and their individual and interactive impact on performance. By applying Structural Equation Modeling analysis to a sample of the top US retailers’ websites, we find that simply providing a large number of information content features to online customers is not enough for companies looking to motivate customers to purchase. However, information that is targeted to an individual customer influences customer satisfaction and purchase intention; customer satisfaction, in turn, serves as a driver to the retailer’s online sales performance.
Conference Paper
Social media has become truly global in recent years. We argue that support for users' privacy, however, has not been extended equally to all users from around the world. In this paper, we survey existing literature on cross-cultural privacy issues, giving particular weight to work specific to online social networking sites. We then propose a framework for evaluating the extent to which social networking sites' privacy options are offered and communicated in a manner that supports diverse users from around the world. One aspect of our framework focuses on cultural issues, such as norms regarding the use of pseudonyms or posting of photographs. A second aspect of our framework discusses legal issues in cross-cultural privacy, including data-protection requirements and questions of jurisdiction. The final part of our framework delves into user expectations regarding the data-sharing practices and the communication of privacy information. The framework can enable service providers to identify potential gaps in support for user privacy. It can also help researchers, regulators, or consumer advocates reason systematically about cultural differences related to privacy in social media.
Article
While prior studies have provided us with an initial understanding of people’s location-sharing privacy preferences, they have been limited to Western countries and have not investigated the impact of the granularity of location disclosures on people’s privacy preferences. We report findings of a 3-week comparative study collecting location traces and location-sharing preferences from two comparable groups in the United States and China. Results of the study shed further light on the complexity of people’s location-sharing privacy preferences and key attributes influencing willingness to disclose locations to others and to advertisers. While our findings reveal many similarities between US and Chinese participants, they also show interesting differences, such as differences in willingness to share location at “home” and at “work” and differences in the granularity of disclosures people feel comfortable with. We conclude with a discussion of implications for the design of location-sharing applications and location-based advertising.
Book
The Second Edition of this classic work, first published in 1981 and an international bestseller, explores the differences in thinking and social action that exist among members of more than 50 modern nations. Geert Hofstede argues that people carry "mental programs" which are developed in the family in early childhood and reinforced in schools and organizations, and that these programs contain components of national culture. They are expressed most clearly in the different values that predominate among people from different countries. Geert Hofstede has completely rewritten, revised and updated Cultures Consequences for the twenty-first century, he has broadened the book's cross-disciplinary appeal, expanded the coverage of countries examined from 40 to more than 50, reformulated his arguments and a large amount of new literature has been included. The book is structured around five major dimensions: power distance; uncertainty avoidance; individualism versus collectivism; masculinity versus femininity; and long term versus short-term orientation. --Publisher.
Article
Personalization is a key component of an interactive marketing strategy. Its purpose is to adapt a standardized product or service to an individual customer's needs. The goal is to create profit for the producer and increased value for the consumer. This goal fits nicely into traditional notions of segmentation. Applications of personalization have advanced greatly in conjunction with the Internet, since it provides an environment that is information rich and well suited to interactivity. This article reviews past research on personalization and considers some examples of personalization in practice. We discuss what we believe are key problems and directions for personalization in the future.
Article
This article examines the adequacy of the “rules of thumb” conventional cutoff criteria and several new alternatives for various fit indexes used to evaluate model fit in practice. Using a 2‐index presentation strategy, which includes using the maximum likelihood (ML)‐based standardized root mean squared residual (SRMR) and supplementing it with either Tucker‐Lewis Index (TLI), Bollen's (1989) Fit Index (BL89), Relative Noncentrality Index (RNI), Comparative Fit Index (CFI), Gamma Hat, McDonald's Centrality Index (Mc), or root mean squared error of approximation (RMSEA), various combinations of cutoff values from selected ranges of cutoff criteria for the ML‐based SRMR and a given supplemental fit index were used to calculate rejection rates for various types of true‐population and misspecified models; that is, models with misspecified factor covariance(s) and models with misspecified factor loading(s). The results suggest that, for the ML method, a cutoff value close to .95 for TLI, BL89, CFI, RNI, and Gamma Hat; a cutoff value close to .90 for Mc; a cutoff value close to .08 for SRMR; and a cutoff value close to .06 for RMSEA are needed before we can conclude that there is a relatively good fit between the hypothesized model and the observed data. Furthermore, the 2‐index presentation strategy is required to reject reasonable proportions of various types of true‐population and misspecified models. Finally, using the proposed cutoff criteria, the ML‐based TLI, Mc, and RMSEA tend to overreject true‐population models at small sample size and thus are less preferable when sample size is small.
Conference Paper
Worldwide social networks, like Facebook, face fierce competition from local platforms when expanding globally. To remain attractive social network providers need to encourage user self-disclosure. Yet, little research exists on how cultural differences impact self-disclosure on these platforms. Addressing this gap, this study explores the differences in perceptions of disclosure-relevant determinants between German and US users. Survey of Facebook members indicates that German users expect more damage and attribute higher probability to privacy-related violations. On the other hand, even though American users show higher level of privacy concern, they extract more benefits from their social networking activities, have more trust in the service provider and legal assurances as well as perceive more control. These factors may explain a higher level of self-disclosure indicated by American users. Our results provide relevant insights for the social network providers who can adjust their expansion strategy with regard to cultural differences.
Article
This review set out to review the extensive literature on response bias, and particularly dissimulating a socially desirable response to self-report data. Various terminological differences are discussed as well as the way test constructors attempt to measure or overcome social desirability response sets. As an example of the research in this field, four types of studies measuring social desirability in the Eysenckian personality measures (MPI, EPI, EPQ) are reviewed. Also studies of faking in psychiatric symptom inventories, and a wide range of other tests are briefly reviewed. Various equivocal results from attempts to determine what makes some measures more prone to social desirability than others. However there appears to be growing evidence that social desirability is a relatively stable, multidimensional trait, rather than a situationally-specific response set. Faking studies may also be used to examine people's stereotypes and images of normality and abnormality, and various studies of‘abnormal groups’ perception of normality are examined. Recommendations for further work in this area are proposed.
Conference Paper
We present a study that investigates American, Chinese, and Indian social networking site (SNS) users’ privacy attitudes and practices. We conducted an online survey of users of three popular SNSs in these countries. Based on 924 valid responses from the three countries, we found that generally American respondents were the most privacy concerned, followed by the Chinese and Indians. However, the US sample exhibited the lowest level of desire to restrict the visibility of their SNS information to certain people (e.g., co-workers). The Chinese respondents showed significantly higher concerns about identity issues on SNS such as fake names and impersonation.
Article
We examine three possible explanations for differences in Internet privacy concerns revealed by national regulation: (1) These differences reflect and are related to differences in cultural values described by other research; (2) these differences reflect differences in Internet experience; or (3) they reflect differences in the desires of political institutions without reflecting underlying differences in privacy preferences. Using a sample of Internet users from 38 countries matched against the Internet population of the United States, we find support for (1) and (2), suggesting the need for localized privacy policies. Privacy concerns decline with Internet experience. Controlling for experience, cultural values were associated with differences in privacy concerns. These cultural differences are mediated by regulatory differences, although new cultural differences emerge when differences in regulation are harmonized. Differences in regulation reflect but also shape country differences. Consumers in countries with sectoral regulation have less desire for more privacy regulation.
Article
8ème enquête annuelle sur la diffusion des technologies de l'information et de la communication dans la société française (téléphonie fixe et mobile, internet, micro-ordinateur) réalisée par le CREDOC pour l'Autorité de Régulation des Communications Electroniques et des Postes (ARCEP) et le Conseil Général de l'Industrie, de l'Energie et des Technologies (CGIET). Cette enquête, réalisée en juin 2010 par entretiens en face-à-face auprès d'un échantillon de 2 230 personnes représentatif de la population française de 12 ans et plus, montre une progression de l'équipement en ordinateurs et en accès à l'internet, ainsi qu'une progression continue de l'administration et du commerce en ligne, toujours plébiscités, et de nouveaux usages en particulier chez les plus jeunes.
Article
Estudio acerca de los procesos que dan origen a las diferencias de pensamiento y acción social entre las culturas nacionales. El autor sostiene que los seres humanos llevan consigo "programas mentales" que son desarrollados tempranamente en el medio familiar y reforzados en las instituciones educativas y las organizaciones. Para Geert Hofstede, las diferencias culturales tienen su expresión más clara en las escalas de valores de miembros de distintas naciones y se extienden a los comportamientos, instituciones y organizaciones.
Article
this report. As for examples, we will only present phrases necessary for illustration so as to make the report accessible. The original sentences from which the examples are extracted, are presented in Appendex A.
Online Research. http: //global.cross-m.co.jp/solution/online/index.html. (2015) [Online
  • Cross Marketing Inc
Online self-disclosure across cultures: A study of Facebook use in Saudi Arabia and Australia
  • Hashem Abdullah
  • A Almakrami
Hashem Abdullah A Almakrami. 2015. Online self-disclosure across cultures: A study of Facebook use in Saudi Arabia and Australia. Ph.D. Dissertation. Queensland University of Technology.
2015 Japan Digital Audience Report. https://www.comscore.com/layout/set [Online
  • Inc Comscore
Ipsos Online Audience Measurement in The Arab World
  • Ipsos
Ipsos. 2014. Ipsos Online Audience Measurement in The Arab World. http://fac.ksu.edu.sa/sites/default/files/ online-audience-measurement.pdf. (2014). [Online;
Gengo. https://www.gengo.com. (2016). [Online
  • Inc Gengo
no one can hack my mind": Comparing Expert and Non-Expert Security Practices
  • Rob Iulia Ion
  • Sunny Reeder
  • Consolvo
  • Ion Iulia
Iulia Ion, Rob Reeder, and Sunny Consolvo. 2015. "... no one can hack my mind": Comparing Expert and Non-Expert Security Practices. In Proceedings of SOUPS.