Sep 29, 2013 | Research library
It is widely agreed that a large amount of information systems (IS) security incidents occur in the workplace because employees subvert existing IS Security Policy (ISSP). In order to understand the factors that constrain employees from deviance and violation of the...
Sep 29, 2013 | Research library
Most prior research on preventing phishing attacks focuses on technology to identify and prevent the delivery of phishing emails. The current study supports an ongoing effort to develop a user-profile that predicts when phishing attacks will be successful. We sought...
Sep 9, 2013 | Research library
Many organisations run security awareness programmes with the aim of improving end user behaviours around information security. Yet behavioural research tells us that raising awareness will not necessarily lead to behaviour change. In this paper we examine the...
Aug 26, 2013 | Research library
To explore the effectiveness of embedded training, researchers conducted a large-scale experiment that tracked workers’ reactions to a series of carefully crafted spear phishing emails and a variety of immediate training and awareness activities. Based on...
Aug 16, 2013 | Research library
Toward the ultimate goal of enhancing human performance in cyber security, we attempt to understand the cognitive components of cyber security expertise. Our initial focus is on cyber security attackers – often called “hackers”. Our first aim is to develop behavioral...
Aug 14, 2013 | Research library
We empirically assess whether browser security warnings are as ineffective as suggested by popular opinion and previous literature. We used Mozilla Firefox and Google Chrome’s in-browser telemetry to observe over 25 million warning impressions in situ. During our...
