People adopt security technologies and make security decisions based on their perceptions of what risks they have, and what things they can do to protect their devices and their information. We refer to these perceptions as mental models. People rely on their mental models to decide how to use their computing devices and the consequences of these actions. Understanding why users make security decisions and addressing the misconceptions in their mental models, specifically regarding security risks, can help prevent security mistakes made by users and help us determine how to help users make good security decisions. This dissertation explores how users perceive security risks, why they make security-related decisions, and where they have misconceptions. In my dissertation, I examine how users' mental models of security and privacy differ by device platform, how that impacts how people use and interact with applications on each platform, and how user's mental models can be used to influence adoption of good device security practices. In this dissertation, I present the results of three user studies exploring user mental models of security and privacy and how users need an increasing awareness of security risks and measures across all types of computing platforms in order to adopt appropriate practices to protect themselves and their information. While existing research on mental models of security and privacy has been conducted on a variety of device platforms, this work has been primarily focused on identifying mental models of security and privacy which apply to computers and smartphones, explaining how the risks users perceive with a device influence the actions they take to protect themselves from known security risks, such as viruses and data sharing.However, there is a lack of research into the mental models of security on other device platforms, particularly tablet-based device platforms. The overarching purpose of my studies are to determine how users' mental models of security and privacy differ by device platform and understand how the relationship between mental models and user behavior affects users' interaction with each device platform. The study of this topic addresses a phenomenon in the field, explained by Wash [50], which is that users use mental models to decide how to use their devices and the consequences of these actions. Understanding why users make security decisions and addressing the misconceptions in their mental models, specifically regarding security risks, can help prevent security mistakes made by users. These mistakes could result in data being collected without the users' awareness, or their personal information, files, money, and/or data being stolen or compromised due to risks such as virus, hackers, or phishing attacks.The studies in this dissertation expand upon existing research by deepening the understanding of device-specific mental models and their effect on device-specific security behaviors through an interview-based study and survey-based study of security related mental models across the three primary personal computing platforms- laptops, smartphones, and tablets. Additionally, the third study in this dissertation explores the potential influence of device-specific mental models and nudges in encouraging potential adoption of security tools on other platforms based on existing adoption of the tool on a traditional computing device. Results of the first study indicated users had the most detailed and nuanced perceptions of risk and security behaviors with laptops, while mental models of smartphones and tablets were under-developed, leading to fewer security practices. Similarly, results of the second study indicated that the mental models and perceptions in the first study existed on all three platforms, though they varied in their prevalence. Additionally, the second study indicated that while adopted security behavior(s) are generally consisted across all three platforms, regardless of the user's device-specific mental models, their adopted security tools did differ with more tools being adopted on traditional computing devices. The results of the third study indicated that nudges may be effective in encouraging adoption of security tools on other devices, particularly with motivators and calls to action informed from existing device-specific mental models.