Employee information security beliefs in the home environment
Through a series of qualitative interviews with 19 participants, this study looked into and reported several factors influencing employees' security behaviour at home.
The socio-technical impact on security of the healthcare internet of things in the use of personal monitoring devices (PMDs)
This paper sets out a framework that might allow those who use healthcare personal monitoring devices (such as fitness trackers) to better protect their personal information.
What do they really think? Overcoming social acceptability bias in information security research
This study used two techniques to ensure people accurately reported attitudes on information security in the workplace. A key finding was those who believed information security to be the responsibility of the organisation felt security risks to be overstated, whereas...
Understanding susceptibility to phishing emails: Assessing the impact of individual differences and culture
This study looked into how individual differences and national culture impacted participants’ responses to phishing and spear-phishing emails. The study found a national culture that promoted the needs of the individual (rather than the needs of society) increased the...
Understanding the relationships between resilience, work stress and information security awareness
This study examined the relationship between Information Security Awareness (ISA), resilience and work stress, finding greater resilience to be associated with higher ISA and lower work stress.
Securing mobile devices: Evaluating the relationship between risk perception, organisational commitment and information security awareness
This study examined the relationship between perception of risk, organisational commitment, and Information Security Awareness (ISA), finding both organisational commitment and perception of personal risk to be significant predictors of ISA. Surprisingly, frequency of...
Deep thought: A cybersecurity story
ideas42 aims to help solve difficult social problems using insights from behavioural science. In this instance, the problem in question is the human aspect of cyber security. The paper applies psychology and behavioural science principles to common cyber security...
Embedding security behaviours: Using the 5Es
This framework is designed to help embed and sustain security behaviours in employees. The framework is condensed into 5Es (Educate, Enable, Environment, Encourage, Evaluate) and explains how to implement these using examples and tactical interventions.
UK University fails to learn – UEA, a data breach repeat offender
SC Magazine
Australia and Malaysia hit by major data breaches
Silicon Republic
Protect against human nature
Travel Trade Gazette
If you want my national insurance number, just ask!
Why we’re so comfortable handing out personal details online – and how we may be able to reverse the trend. On a mild July evening in 2010, Leo Hickman set out to meet a woman named Louise. At the time Louise, a 30-something recruitment consultant with straight, auburn...
How to launch a behavior-change revolution
A team spearheaded by University of Pennsylvania researchers has launched an ambitious research project called Behavior Change for Good. The project will attempt to determine the best behavioural-change practices in three areas: health, education and personal...
Measuring the success of context-aware security behaviour surveys
Background: We reflect on a methodology for developing scenario-based security behaviour surveys that evolved through deployment in two large partner organisations (A & B). In each organisation, scenarios are grounded in workplace tensions between security and...
Phish phinder: A game design approach to enhance user confidence in mitigating phishing attacks
This paper proposes and sets out the framework for the development of a game designed to help educate users about phishing attacks. The proposed game draws on academic research and would take the form of a series of challenges that inherently educate users about phishing...
British Intelligence Blames Iran for Cyberattack on UK Parliament
Iran news update
Sources say Deloitte cyberattack may have impacted US government
Silicon Republic
If someone is watching, I’ll do what I’m asked: Mandatoriness, control, and information security
This research finds people are motivated to follow security procedures when they believe the procedures to be compulsory, and that both specifying policies and evaluating behaviors help position security policies as mandatory. It follows that specifying policies and...
Nudges for privacy and security: Understanding and assisting users’ choices online
Advancements in information technology often task users with complex and consequential privacy and security decisions. A growing body of research has investigated individuals’ choices in the presence of privacy and information security tradeoffs, the decision-making...
Tackling the human aspect of cybersecurity: The psychology of a law firm
Tackling the Human Aspect of Cyber Security: Legal Psychology. For years, cyber attackers have relied on human psychology to manipulate victims and launch their most common, most disruptive attacks. Developed in collaboration with behavioural change psychologist...
Deloitte hit by major client email hack