Looking for Trouble: Understanding End-User Security Management

End users are often cast as the weak link in computer security; they fall victim to social engineering and tend to know very little about security technology and policies. This paper challenges this view as derogatory and unconstructive, arguing that users, as agents of organizations, often have sophisticated strategies regarding sensitive data, and are quite cautious. Existing work on user security practice has failed to consider how users view security; this paper provides content on and analysis of end user perspectives on security management.