TY - JOUR AB - Purpose The purpose of this study isto identify factors that determine computer and security expertise in end users. They can be significant determinants of human behaviour and interactions in the security and privacy context. Standardized, externally valid instruments for measuring end-user security expertise are non-existent.Design/methodology/approach A questionnaire encompassing skills and knowledge-based questions was developed to identify critical factors that constitute expertise in end users. Exploratory factor analysis was applied on the results from 898 participants from a wide range of populations. Cluster analysis was applied to characterize the relationship between computer and security expertise. Ordered logistic regression models were applied to measure efficacy of the proposed security and computing factors in predicting user comprehension of security concepts: phishing and certificates.Findings There are levels to peoples’ computer and security expertise that could be reasonably measured and operationalized. Four factors that constitute computer security-related skills and knowledge are, namely, basic computer skills, advanced computer skills, security knowledge and advanced security skills, and these are identified as determinants of computer expertise.Practical implications Findings from this work can be used to guide the design of security interfaces such that it caters to people with different expertise levels and does not force users to exercise more cognitive processes than required.Originality/value This work identified four factors that constitute security expertise in end users. Findings from this work were integrated to propose a framework called Security SRK for guiding further research on security expertise. This work posits that security expertise instrument for end user should measure three cognitive dimensions: security skills, rules and knowledge. VL - 25 IS - 2 SN - 2056-4961 DO - 10.1108/ICS-04-2017-0020 UR - https://doi.org/10.1108/ICS-04-2017-0020 AU - Rajivan Prashanth AU - Moriano Pablo AU - Kelley Timothy AU - Camp L. Jean PY - 2017 Y1 - 2017/01/01 TI - Factors in an end user security expertise instrument T2 - Information & Computer Security PB - Emerald Publishing Limited SP - 190 EP - 205 Y2 - 2024/05/09 ER -