This article outlines the process of developing a taxonomy of end user security-related behaviors, testing its consistency, and using it to conduct a U.S. survey on key end user behaviors. The study involved interviewing 110 individuals knowledgeable about end user security behaviors, conducting a behavior rating exercise with 49 IT experts, and running a U.S. survey with 1167 end users to gather self-reported data on their password-related behaviors. The results suggested that the taxonomy of end user security behaviors fit well on a two-dimensional map, with one dimension representing the level of technical knowledge required for the behavior and the other representing the intentionality of the behavior (malicious, neutral, or benevolent). The U.S. survey on non-malicious, low technical knowledge behaviors related to password creation and sharing revealed generally poor password hygiene, with significant variations across different types of organizations, such as military organizations and telecommunications companies.