{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,16]],"date-time":"2025-10-16T06:56:01Z","timestamp":1760597761556,"version":"build-2065373602"},"reference-count":22,"publisher":"MDPI AG","issue":"3","license":[{"start":{"date-parts":[[2017,7,10]],"date-time":"2017-07-10T00:00:00Z","timestamp":1499644800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Future Internet"],"abstract":"Young generations make extensive use of mobile devices, such as smart-phones, tablets and laptops, for a variety of daily tasks with potentially critical impact, while the number of security breaches via portable devices increases exponentially. A plethora of security risks associated with these devices are induced by design shortcomings and vulnerabilities related to user behavior. Therefore, deploying suitable risk treatments requires the investigation of how security experts perceive the digital natives (young people, born in the digital era), when utilizing their user behavior models in the design and analysis of related systems. In this article, we present the results of a survey performed across a multinational sample of security professionals, in comparison to our earlier study over the security awareness of digital natives. Through this study, we seek to identify divergences between user behavior and the conceptual user-models that security experts utilise in their professional tasks. Our results indicate that the experts understanding over the user behaviour does not follow a solidified user-model, while influences from personal perceptions and randomness are also noticeable.<\/jats:p>","DOI":"10.3390\/fi9030032","type":"journal-article","created":{"date-parts":[[2017,7,10]],"date-time":"2017-07-10T11:05:31Z","timestamp":1499684731000},"page":"32","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":6,"title":["User Modelling Validation over the Security Awareness of Digital Natives"],"prefix":"10.3390","volume":"9","author":[{"given":"Vasileios","family":"Gkioulos","sequence":"first","affiliation":[{"name":"Department of Information Security and Communication Technology, Norwegian University of Science & Technology, 2802 Gj\u00f8vik, Norway"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3861-6746","authenticated-orcid":false,"given":"Gaute","family":"Wangen","sequence":"additional","affiliation":[{"name":"Department of Information Security and Communication Technology, Norwegian University of Science & Technology, 2802 Gj\u00f8vik, Norway"}]},{"given":"Sokratis","family":"Katsikas","sequence":"additional","affiliation":[{"name":"Department of Information Security and Communication Technology, Norwegian University of Science & Technology, 2802 Gj\u00f8vik, Norway"},{"name":"Department of Digital Systems, University of Piraeus, 18532 Piraeus, Greece"}]}],"member":"1968","published-online":{"date-parts":[[2017,7,10]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","unstructured":"Felt, A.P., Ha, E., Egelman, S., Haney, A., Chin, E., and Wagner, D. (2012, January 11\u201313). Android permissions: User attention, comprehension, and behavior. Proceedings of the Eighth Symposium on Usable Privacy and Security, Washington, DC, USA.","DOI":"10.1145\/2335356.2335360"},{"key":"ref_2","unstructured":"Kelley, P.G., Consolvo, S., Cranor, L.F., Jung, J., Sadeh, N., and Wetherall, D. (March, January 27). A conundrum of permissions: Installing applications on an android smartphone. Proceedings of the International Conference on Financial Cryptography and Data Security, Kralendijk, Bonaire."},{"key":"ref_3","doi-asserted-by":"crossref","unstructured":"Ophoff, J., and Robinson, M. (2014, January 13\u201314). Exploring end-user smartphone security awareness within a South African context. Proceedings of the Information Security for South Africa, Johannesburg, South Africa.","DOI":"10.1109\/ISSA.2014.6950500"},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Gkioulos, V., Wangen, G., Katsikas, S.K., Kavallieratos, G., and Kotzanikolaou, P. (2017). Security Awareness of the Digital Natives. Information, 8.","DOI":"10.3390\/info8020042"},{"key":"ref_5","unstructured":"Lella, A., and Lipsman, A. (2015, April 08). The US Mobile App Report. Available online: http:\/\/www.comscore.com\/Insights\/Presentationsand-Whitepapers\/2014\/The-US-Mobile-App-Report."},{"key":"ref_6","first-page":"1","article-title":"Digital natives, digital immigrants part 1","volume":"9","author":"Prensky","year":"2001","journal-title":"Horizon"},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"775","DOI":"10.1111\/j.1467-8535.2007.00793.x","article-title":"The \u2018digital natives\u2019 debate: A critical review of the evidence","volume":"39","author":"Bennett","year":"2008","journal-title":"Br. J. Educ. Technol."},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Chin, E., Felt, A.P., Sekar, V., and Wagner, D. (2012, January 11\u201313). Measuring user confidence in smartphone security and privacy. Proceedings of the Eighth Symposium on Usable Privacy and Security, Washington, DC, USA.","DOI":"10.1145\/2335356.2335358"},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Mylonas, A., Gritzalis, D., Tsoumas, B., and Apostolopoulos, T. (2013, January 28\u201329). A qualitative metrics vector for the awareness of smartphone security users. Proceedings of the 10th International Conference on Trust, Privacy and Security in Digital Business, Prague, Czech.","DOI":"10.1007\/978-3-642-40343-9_15"},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"47","DOI":"10.1016\/j.cose.2012.11.004","article-title":"Delegate the smartphone user? Security awareness in smartphone platforms","volume":"34","author":"Mylonas","year":"2013","journal-title":"Comput. Secur."},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Parker, F., Ophoff, J., Van Belle, J.P., and Karia, R. (2015, January 15\u201317). Security awareness and adoption of security controls by smartphone users. Proceedings of the Second International Conference on Information Security and Cyber Forensics (InfoSec), Cape Town, South Africa.","DOI":"10.1109\/InfoSec.2015.7435513"},{"key":"ref_12","first-page":"84","article-title":"Safe use of mobile devices arises from knowing the threats","volume":"20","author":"Markelj","year":"2015","journal-title":"J. Inf. Secur. Appl."},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"513","DOI":"10.1016\/j.clsr.2016.01.006","article-title":"Comprehension of cyber threats and their consequences in Slovenia","volume":"32","author":"Markelj","year":"2016","journal-title":"Comput. Law Secur. Rev."},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Kandias, M., Mylonas, A., Virvilis, N., Theoharidou, M., and Gritzalis, D. (2010, January 30\u201331). An insider threat prediction model. Proceedings of the International Conference on Trust, Privacy and Security in Digital Business, Bilbao, Spain.","DOI":"10.1007\/978-3-642-15152-1_3"},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"2799","DOI":"10.1016\/j.chb.2008.04.005","article-title":"Security lapses and the omission of information security measures: A threat control model and empirical test","volume":"24","author":"Workman","year":"2008","journal-title":"Comput. Hum. Behav."},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"523","DOI":"10.2307\/25750690","article-title":"Information security policy compliance: An empirical study of rationality-based beliefs and information security awareness","volume":"34","author":"Bulgurcu","year":"2010","journal-title":"MIS Q."},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"815","DOI":"10.1016\/j.dss.2008.11.010","article-title":"Studying users\u2019 computer security behavior: A health belief perspective","volume":"46","author":"Ng","year":"2009","journal-title":"Decis. Support Syst."},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Asgharpour, F., Liu, D., and Camp, L.J. (2007, January 12\u201316). Mental models of security risks. Proceedings of the 11th International Conference on Financial Cryptography and Data Security, Scarborough, Trinidad and Tobago.","DOI":"10.1007\/978-3-540-77366-5_34"},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Camp, L.J. (2009). Mental models of privacy and security. IEEE Technol. Soc. Mag., 28.","DOI":"10.1109\/MTS.2009.934142"},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Herley, C. (2009, January 8\u201311). So long, and no thanks for the externalities: The rational rejection of security advice by users. Proceedings of the Workshop on New Security Paradigms Workshop, Oxford, UK.","DOI":"10.1145\/1719030.1719050"},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Ariu, D., Bosco, F., Ferraris, V., Perri, P., Spolti, G., Stirparo, P., Vaciago, G., and Zanero, S. (2014). Security of the Digital Natives. Available SSRN.","DOI":"10.2139\/ssrn.2442037"},{"key":"ref_22","doi-asserted-by":"crossref","first-page":"625","DOI":"10.1007\/s10459-010-9222-y","article-title":"Likert scales, levels of measurement and the \u201claws\u201d of statistics","volume":"15","author":"Norman","year":"2010","journal-title":"Adv. Health Sci. Educ."}],"container-title":["Future Internet"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1999-5903\/9\/3\/32\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T18:42:06Z","timestamp":1760208126000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1999-5903\/9\/3\/32"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,7,10]]},"references-count":22,"journal-issue":{"issue":"3","published-online":{"date-parts":[[2017,9]]}},"alternative-id":["fi9030032"],"URL":"https:\/\/doi.org\/10.3390\/fi9030032","relation":{},"ISSN":["1999-5903"],"issn-type":[{"type":"electronic","value":"1999-5903"}],"subject":[],"published":{"date-parts":[[2017,7,10]]}}}