Folk-model security as an education contribution

I argued in a previous blog post that inquiry-based computer science education is not possible today because we know too little about how people think about the computing in their lives.  The result described in the below blog post is a step towards identifying the misunderstandings that might be addressed as “Driving Questions” in inquiry-based CS ed.  It’s important to know how people think about things now, because directly addressing those leads to better educational interventions.

In his paper, published in the proceedings of the Symposium on Usable Privacy and Security, Wash identified eight folk models of security threats that are used by home computer users to decide what security software to use and which advice to follow.

These models range from the vague and generic – “viruses are bad” – to the more specific – “hackers are burglars who break into computers for criminal purposes.”

Adding to the problem, Wash said, is that people who rely on folk models for computer security don’t necessarily follow security advice from credible experts. This is because they either don’t understand the advice or because they believe the security advice isn’t relevant to them.

via Home-computer users at risk due to use of ‘folk model’ security | MSU News | Michigan State University.