Restrictive Deterrence: Impact of Warning Banner Messages on Repeated Low-trust Software Use

Mario Silic, Dario Silic, Goran Oblakovic

Abstract

This research paper focuses on the warning messages that are one of the last lines of defense against cybercriminals. The effectiveness of warnings in influencing users’ behavior when using low-trust (potentially malicious) software has not been adequately addressed by the prior research. Using the restrictive deterrence theory, supported by the Communication-Human Information Processing (C-HIP) Model, we conducted an experimental study investigating the influence of warning messages on the repeated use of low-trust software. The results suggest that the use of low-trust software could be reduced in frequency, or completely abandoned, in the presence of warning messages, whereby security incidents could be better mitigated and reduced. We suggest several implications for practitioners and offer some interesting theoretical insights.

References

  1. Akhawe, D. and Felt, A. P. (2013) Usenix Security.
  2. Andrews, J. C. (2011) 'Warnings and disclosures', Communicating Risks and Benefits: An Evidence-Based User's Guide, pp. 149-61.
  3. Beauregard, E. and Bouchard, M. (2010) 'Cleaning up your act: Forensic awareness as a detection avoidance strategy', Journal of Criminal Justice, 38(6), pp. 1160- 1166.
  4. Blais, E. and Bacher, J.-L. (2007) 'Situational deterrence and claim padding: Results from a randomized field experiment', Journal of Experimental Criminology, 3(4), pp. 337-352.
  5. Box-Steffensmeier, J. M. and Jones, B. S. (2004) Event history modeling: A guide for social scientists. Cambridge University Press.
  6. Bravo-Lillo, C., Cranor, L. F., Downs, J., Komanduri, S., Reeder, R. W., Schechter, S. and Sleeper, M. (2013) SOUPS 7813 Proceedings of the Ninth Symposium on Usable Privacy and Security.
  7. Bushman, B. J. (2006) 'Effects of warning and information labels on attraction to television violence in viewers of different ages', Journal of Applied Social Psychology, 36(9), pp. 2073-2078.
  8. Camp, L. J. (2006) 'Mental models of privacy and security', Available at SSRN 922735.
  9. Chen, T.-C., Stepan, T., Dick, S. and Miller, J. (2014) 'An anti-phishing system employing diffused information', ACM Transactions on Information and System Security (TISSEC), 16(4), p. 16.
  10. Conzola, V. C. and Wogalter, M. S. (2001) 'A Communication-Human Information Processing (CHIP) approach to warning effectiveness in the workplace', Journal of Risk Research, 4(4), pp. 309- 322.
  11. Cranor, L. F. (2008) 'A Framework for Reasoning About the Human in the Loop', UPSEC, 8, pp. 1-15.
  12. Egilman, D. and Bohme, S. (2006) 'A brief history of warnings', Handbook of Warnings. Lawrence Erlbaum Associates, Mahwah, NJ, pp. 35-48.
  13. Gallupe, O., Bouchard, M. and Caulkins, J. P. (2011) 'No change is a good change? Restrictive deterrence in illegal drug markets', Journal of Criminal Justice, 39(1), pp. 81-89.
  14. Gibbs, J. P. (1975) Crime, punishment, and deterrence. Elsevier New York.
  15. Grier, C., Tang, S. and King, S. T. (2008) Security and Privacy, 2008. SP 2008. IEEE Symposium on. IEEE.
  16. Jacobs, B. A. (1996) 'Crack dealers' apprehension avoidance techniques: A case of restrictive deterrence', Justice Quarterly, 13(3), pp. 359-381.
  17. Jacobs, B. A. (2010) 'DETERRENCE AND DETERRABILITY*78, Criminology, 48(2), pp. 417- 441.
  18. Jacobs, B. A. and Cherbonneau, M. (2014) 'Auto theft and restrictive deterrence', Justice quarterly, 31(2), pp. 344- 367.
  19. Kaplan, E. L. and Meier, P. (1958) 'Nonparametric estimation from incomplete observations', Journal of the American statistical association, 53(282), pp. 457- 481.
  20. Laughery, K. R. and Wogalter, M. S. (2006) 'Designing effective warnings', Reviews of human factors and ergonomics, 2(1), pp. 241-271.
  21. Lowman, J. (1992) 'STREET PROSTITUTION CONTROL Some Canadian Reflections on the Finsbury Park Experience', British Journal of Criminology, 32(1), pp. 1-17.
  22. Maimon, D., Alper, M., Sobesto, B. and Cukier, M. (2014) 'Restrictive deterrent effects of a warning banner in an attacked computer system', Criminology, 52, pp. 33-59.
  23. Peters, G. J. Y., Ruiter, R. A. and Kok, G. (2014) 'Threatening communication: A qualitative study of fear appeal effectiveness beliefs among intervention developers, policymakers, politicians, scientists, and advertising professionals', International Journal of Psychology, 49(2), pp. 71-79.
  24. Sanders, M. S. and McCormick, E. J. (1987) Human factors in engineering and design. McGRAW-HILL book company.
  25. Sheng, S., Wardman, B., Warner, G., Cranor, L., Hong, J. and Zhang, C. (2009) Sixth Conference on Email and Anti-Spam (CEAS). California, USA.
  26. Silic, M. (2013) 'Dual-use open source security software in organizations - Dilemma: Help or hinder?78, Computers & Security, 39, Part B(0), pp. 386-395.
  27. Silic, M. and Back, A. (2015) 'Identification and Importance of the Technological Risks of Open Source Software in the Enterprise Adoption Context'.
  28. Silic, M., Barlow, J. and Ormond, D. (2015) 'Warning! A Comprehensive Model of the Effects of Digital Information Security Warning Messages', The 2015 Dewald Roode Workshop on Information Systems Security Research, IFIP. Dewald IFIP, pp. 1-32. doi: 10.13140/RG.2.1.2550.1202.
  29. Straub, D. W. and Welke, R. J. (1998) 'Coping with systems risk: security planning models for management decision making', Mis Quarterly, pp. 441-469.
  30. Sunshine, J., Egelman, S., Almuhimedi, H., Atri, N. and Cranor, L. F. (2009) 18th USENIX Security Symposium.
  31. Wogalter, M. S. (2006a) 'Communication-Human Information Processing (C-HIP) Model', in Wogalter, M. S. (ed.) Handbook of Warnings. Mahwah, NJ: Lawrence Erlbaum Associates, pp. 51-61.
  32. Wogalter, M. S. (2006b) 'Communication-human information processing (C-HIP) model', Handbook of warnings, pp. 51-61.
  33. Wogalter, M. S. (2006c) 'Purposes and scope of warnings', Handbook of Warnings. Lawrence Erlbaum Associates, Mahwah, NJ, pp. 3-9.
Download


Paper Citation


in Harvard Style

Silic M., Silic D. and Oblakovic G. (2016). Restrictive Deterrence: Impact of Warning Banner Messages on Repeated Low-trust Software Use . In Proceedings of the 18th International Conference on Enterprise Information Systems - Volume 1: ICEIS, ISBN 978-989-758-187-8, pages 435-442. DOI: 10.5220/0005831904350442


in Bibtex Style

@conference{iceis16,
author={Mario Silic and Dario Silic and Goran Oblakovic},
title={Restrictive Deterrence: Impact of Warning Banner Messages on Repeated Low-trust Software Use},
booktitle={Proceedings of the 18th International Conference on Enterprise Information Systems - Volume 1: ICEIS,},
year={2016},
pages={435-442},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005831904350442},
isbn={978-989-758-187-8},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 18th International Conference on Enterprise Information Systems - Volume 1: ICEIS,
TI - Restrictive Deterrence: Impact of Warning Banner Messages on Repeated Low-trust Software Use
SN - 978-989-758-187-8
AU - Silic M.
AU - Silic D.
AU - Oblakovic G.
PY - 2016
SP - 435
EP - 442
DO - 10.5220/0005831904350442