A systematic review of approaches to assessing cybersecurity awareness
The purpose of this paper is to survey, explore and inform researchers about the previous methodologies applied, target audience and coverage of previous assessment of cybersecurity awareness by capturing, summarizing, synthesizing and critically comment on it. It is...
“My data just goes everywhere:” User mental models of the internet and implications for privacy and security
Many people use the Internet every day yet know little about how it really works. Prior literature diverges on how people’s Internet knowledge affects their privacy and security decisions. We undertook a qualitative study to understand what people do and do not know...
Studying safe online banking behaviour: A protection motivation theory approach
In this paper, a conceptual research model is proposed to study safe online banking behaviour. The Protection Motivation Theory functions as the core of the model. The model is extended with additional variables, making it suitable for the online banking context. The...
Too much knowledge? Security beliefs and protective behaviors among United States internet users
This study explores the mental models of information security threats held by users who make security decisions about their home computers. A survey of a large representative sample of US Internet users revealed demographic differences in both beliefs about security...
Nudging towards security: Developing an application for wireless network selection for android phones
People make security choices on a daily basis without fully considering the security implications of those choices. In this paper we present a prototype application which promotes the choice of secure wireless network options, specifically when users are unfamiliar...
Evolvement of information security research on employees behavior: A systematic review and future direction
Information Security (IS) is one of the biggest concerns for many organizations. This concern has led many to focus a huge effort into studying different IS areas. One of these critical areas is the human aspect, where investigation of employees' behaviors has emerged...
The design of phishing studies: Challenges for researchers
In this paper, a role play scenario experiment of people's ability to differentiate between phishing and genuine emails demonstrated limitations in the generalisability of phishing studies. This involves issues around the priming of participants and the diversity of...
A protection motivation theory approach to improving compliance with password guidelines
Usernames and passwords form the most widely used method of user authentication on the Internet. Yet, users still find compliance with password guidelines difficult. The primary objective of this research was to investigate how compliance with password guidelines and...
Analyzing the role of cognitive and cultural biases in the internalization of information security policies: Recommendations for information security awareness programs
Standards and best practices for information security awareness programs focus on the content and processes of the programs, without taking into consideration how individuals internalize security-related information and how individuals make security related decisions....
Online safety begins with you and me: Convincing Internet users to protect themselves
This article delves into the persistent issue of individuals neglecting basic cybersecurity measures, despite the increasing reports of losses from security breaches. It emphasizes the importance of understanding the psychological factors that encourage users to adopt...
Improving your security awareness campaigns: Examples from behavioral science
This short blog post suggests cyber security awareness campaigns should not be run by IT but by human resources or standalone departments; that companies should quantify risks to guide cyber security investments; that awareness campaign effectiveness should be...
The sufficiency of the theory of planned behavior for explaining information security policy compliance
This paper aims to challenge the assumption that the theory of planned behaviour (TPB) includes all constructs that explain information security policy compliance and investigates if anticipated regret or constructs from the protection motivation theory add...
Experiments with security and privacy in IoT networks
We explore the risks to security and privacy in IoT networks by setting up an inexpensive home automation network and performing a set of experiments intended to study attacks and defenses. We focus on privacy preservation in home automation networks but our insights...
Investigating personal determinants of phishing and the effect of national culture
The purpose of the study was twofold: to investigate the correlation between a sample of personal psychological and demographic factors and resistance to phishing; and to investigate if national culture moderates the strength of these correlations. Intention to resist...
Scaring and bullying people into security won’t work
Users are more likely to respond to trustworthy and credible risk indicators that align with the threats they wish to evade. Security measures that frequently yield false positives erode the credibility of security protocols and condition users to disregard them. To...
Examining the distinct antecedents of E-mail habits and its influence on the outcomes of a phishing attack
This research investigates the link between social media phishing susceptibility and individual Facebook habits, particularly how these habits lead to victimization and its relation to email-based phishing. The study analyzes the precursors and effects of email habits...
“… no one can hack my mind”: Comparing expert and non-expert security practices
The state of advice given to people today on how to stay safe online has plenty of room for improvement. Too many things are asked of them, which may be unrealistic, time consuming, or not really worth the effort. To improve the security advice, our community must...
Empirical study on ICT system’s users’ risky behavior and security awareness
In this study authors gathered information on ICT users from different areas in Croatia with different knowledge, experience, working place, age and gender background in order to examine today's situation in the Republic of Croatia (n=701) regarding ICT users'...
Cleaning house: The impact of information technology monitoring on employee theft and productivity
This study explores the impact of technology-based employee monitoring on both misconduct and productivity in businesses. The research utilizes unique theft and sales data from 392 restaurants across five companies that implemented a theft monitoring information...
Leadership styles and information security compliance behavior: The mediator effect of information security awareness
Leadership styles play an important role to enhance employee’s information security awareness and may lead to proper information security compliance behavior. Therefore, the current study aims to investigate the indirect effect of leadership styles on user’s...
Organizational safety climate and supervisor safety enforcement: Multilevel explorations of the causes of accident underreporting
According to national surveillance statistics, over 3 million employees are injured each year; yet, research indicates that these may be substantial underestimates of the true prevalence. The purpose of the current project was to empirically test the hypothesis that...