Enhancing security risk awareness in end-users via affective feedback

Student thesis: Doctoral Thesis


Background: Risky security behaviour displayed by end-users has the potential to leave devices vulnerable to compromise, despite the availability of security tools designed to aid users in defending themselves against potential online threats. This indicates a need to modify the behaviour of end-users, allowing them to consider the security implications of their actions online. Previous research has indicated affective feedback may serve as a successful method of educating users about risky security behaviours. Thus, by influencing end-users via affective feedback it may be possible to engage users, improving their security awareness.

Aims: Develop and apply knowledge of monitoring techniques and affective feedback, establishing if this changes users’ awareness of risky security behaviour in the context of a browser-based environment.

Methodology: The methodology employs the use of log files derived from the monitoring solution, and information provided by users during the experiments. Questionnaire data was compared against log files and information provided during experiments, providing an overall quantitative approach.

Results: In the case of the log files and questionnaires, participants were found to have engaged in instances of risky security behaviours, which they were unaware of, and this indicated a low-level of awareness of risky security behaviour. Whilst the results indicate the affective feedback did not make a difference to behaviour during the course of the experiments, participants felt that the affective feedback delivered had an impact, raising their security awareness, encouraging them to learn about online security.

Conclusions: This body of research has made a novel contribution to the field of affective feedback and usable security. Whilst the results indicate the affective feedback made no difference to behaviour, users felt it had an impact on them, persuading them to consider their security behaviours online, and encouraging them to increase their knowledge of risky security behaviours. The research highlights the potential application of affective feedback in the field of usable security. Future work seeks to explore different ways in which affective feedback can be positioned on-screen, and how feedback can be tailored to target specific groups, such as children, or elderly people., with the aim of raising security awareness.
Date of Award31 Aug 2016
Original languageEnglish
Awarding Institution
  • Abertay University
SupervisorJacqueline Archibald (Supervisor) & Ian Ferguson (Supervisor)


  • End-user security behaviour
  • Usable security
  • Affective feedback
  • User monitoring techniques
  • User feedback
  • Security awareness
  • Human factors of cybersecurity

Cite this