Awareness, Education, Training

Question 1

Disagvantages

Answer 1

Poor cost benefit trade off
Infeasible
Negative side effects

Question 2

Reasons for not installing updates

Answer 2

-Unpleasant suprise UI changes
-unclear what should be updated
-unclear why an update is needed

Question 3

Security awareness

Answer 3

Is a latent variable, cant be observed directly, no exact definition

Question 4

Is user education generally a good idea?

Answer 4

-it may scare people off
-security is too complicated-user education does not work
-puts burden on the wrong shoulders

Question 5

Processing the fear messages

Answer 5

1st appraisal: is the threat perceived as really threatening
-if no-no fear-nth happens
-if yes-fear-2nd appraisal

2nd appraisal- is the proposed response perceived as effective?
-if yes-danger control process-effective response
-if not-fear control process-non effective response

Question 6

Information Privacy

Answer 6

Claim of individuals, groups or institutions to determine for themselves when, how and to what extent info about them is communicated to others

Question 7

Privacy vs confidentiality

Answer 7

Confidentiality- controlled access-info only authorized by authorized entities-no perfect secrecy

Privacy-control where, what and how info about a person is made available-desire and right of control over disclosure. Not perfect secrecy

Question 8

3 types of privacy

Answer 8

1.interpersonal privacy
2.consumer privacy
3.citizen privacy

Question 9

Interpersonal privacy

Answer 9

Type of privacy. Privacy towards other known and unkown individuals such as family, friends, passersby’s…

Question 10

Consumer privacy

Answer 10

Privacy towards commercial organizations and service oriented governmental organizations

Question 11

Citizen privacy

Answer 11

Privacy towards governmental organizations concerned with safety and security of citizens

Question 12

Charter of fundamental rights of the eu article 8-1

Answer 12

Everyone has the right to the protection of personal data concerning him and her

Question 13

Personal data(gdpr definition)

Answer 13

Any data that can be connected to a concrete person, possibly with the help of additional info from other sources

Question 14

Westin’s cluster

Answer 14

Privacy fundamentalists-extremely concerned about security-generally unwilling to provide data

Privacy pragmatic-concerned but less so, often specific concerns

Privacy unaware-generally wiling to provide data-often expressing a mild general concern

Question 15

Privacy dichotomy/privacy paradox

Answer 15

Attitudes to privacy differ considerably from privacy-preserving behavior i.e. people are strongly concerned about privacy but release info for small rewards

I.e. loyalty cards-reports your purchases to interested third parties

Question 16

Behavioral economic of privacy

Answer 16

Rational choice theory- people are rational decision makers that maximize utility over time. Doesnt work for decision-making in security and privacy

Question 17

Most important deviations from rational theory

Answer 17

1.asymmetric information
2.bounded reality
3.behavioral biases

Question 18

Asymmetric information

Answer 18

Data subjects know less about data holders about the magnitude of data collection, usage of data and consequences

Question 19

Bounded reality

Answer 19

Replace rational decision making with simplified mental models for efficiency
-cant process all available info in time

Question 20

Behavioral biases

Answer 20

Even if all info is available and could be processed, people tend to behave irrationally because of some well studied behavioral distortions
-immediate gratification
-under insurance
-projection bias-preferences now are projected in the future
-self-control bias-strive for immediate gratification even if u know is not good
-optimism bias-my chances are lower than the same people under similar circumstances
-cumulative risk bias-fail to perceive how many low risks accumulate over time to a large risk

Question 21

Endowment effect

Answer 21

Something u already own is subjectively of more value to you than sth you don’t own yet

Question 22

Order effect

Answer 22

Decisions are influenced in the order in which alternatives are presented

Question 23

Possible harms from data mining

Answer 23

1.future creep
2.aggregation
3.exclusion

Question 24

Future creep

Answer 24

Large amounts of data gathered call for new usage ideas: can we use this data to find out x about this person or to predict behavior

Question 25

Aggregation-harms from data mining

Answer 25

Small pieces of data add into a profile. Might reveal info about user they dont want revealed

Question 26

Exclusion-data mining harm

Answer 26

People are denied certain things without knowing why-jobs,loans, entrances

Question 27

Ive got nth to hide

Answer 27

Privacy is not about hiding bad things, it is knowing when other people know things about you and make decisions based on those facts. Privacy is not only about individuals but also about society

Question 28

How can data retention help in fighting terrorism and criminals

Answer 28

-know the social network of a person
-know where this person was at a given time
-profile possible terrorists

Question 29

Risk perception: human brain responds to threats that have 4 features

Answer 29

1. Originates from people
   2.violate morality
   3.immediate
2. Changes things quickly