Security Mental Models and Personal Security Practices of Internet Users in Africa

Mbewe, Enock Samuel and Chavula, Josiah (2021) Security Mental Models and Personal Security Practices of Internet Users in Africa, Proceedings of EAI AFRICOMM 2021 - 13th EAI International Conference on e‐Infrastructure and e‐Services for Developing Countries, 1st - 3rd December, Zanzibar, Tanzania, Springer.

[thumbnail of Security_Mental_Models_and_Personal_Security_Practicesof_Internet_Users_in_Africa.pdf] Text
Security_Mental_Models_and_Personal_Security_Practicesof_Internet_Users_in_Africa.pdf - Accepted Version

Download (1MB)


Recent trends show an increase in risks for personal cyberattacks, in part due to an increase in remote work that has been imposed by worldwide Covid-19 lockdowns. These attacks have further exposed the inefficiencies of the "paternalistic" design of Internet security systems and security configuration frameworks. Prior research has shown that users often have inadequate Internet security and privacy mental models. However, little is known about the causes of flawed mental models. Using mixed methods over a period of nine months, we investigate Internet security mental models of users in Africa and the implications of these mental models on personal security practice. Consistent with prior research, we find inadequate Internet security mental models in self-reported expert and non-expert Internet users. In addition, our mental modelling and task analysis reveal that the flawed security practice does not only result from users' negligence, but also from lack of sufficient Internet security knowledge. Our findings motivate for reinforcing users' Internet security mental models through personalised security configuration frameworks to allow users, especially those with limited technical skills, to easily configure their desired security levels.

Item Type: Conference paper
Uncontrolled Keywords: usable security,security mental models, Internet security, privacy
Subjects: Security and privacy
Networks > Network protocols > Application layer protocols
Date Deposited: 08 Dec 2021 06:17
Last Modified: 08 Dec 2021 06:17

Actions (login required)

View Item View Item