Developing a Mental Model for use in the Context of Computer Security

A mental model is a useful tool for describing user's general mental processes that go into certain actions. In this paper, we investigate how to enhance the usability of security applications by considering human factors. Specifically, we study how to better understand and develop the user's mental model in the context of computer security through the use of the reasoned action approach (RAA). RAA explains that a user's behavior is determined by her intention to perform the behavior and the intention is, in turn, a function of attitudes towards the behavior, perceived norms (or social pressure), and perceived behavior control (capacity and relevant skills/abilities). A user study was conducted to test the validity of each of the main components of the model. Our user study concluded that alterations to a computer security application improved by the analysis through the mental model created improved user behavior.