Too much knowledge? Security beliefs and protective behaviors among United States internet users
This study explores the mental models of information security threats held by users who make security decisions about their home computers. A survey of a large representative sample of US Internet users revealed demographic differences in both beliefs about security...
Nudging towards security: Developing an application for wireless network selection for android phones
People make security choices on a daily basis without fully considering the security implications of those choices. In this paper we present a prototype application which promotes the choice of secure wireless network options, specifically when users are unfamiliar...
Evolvement of information security research on employees behavior: A systematic review and future direction
Information Security (IS) is one of the biggest concerns for many organizations. This concern has led many to focus a huge effort into studying different IS areas. One of these critical areas is the human aspect, where investigation of employees' behaviors has emerged...
The design of phishing studies: Challenges for researchers
In this paper, a role play scenario experiment of people's ability to differentiate between phishing and genuine emails demonstrated limitations in the generalisability of phishing studies. This involves issues around the priming of participants and the diversity of...
A protection motivation theory approach to improving compliance with password guidelines
Usernames and passwords form the most widely used method of user authentication on the Internet. Yet, users still find compliance with password guidelines difficult. The primary objective of this research was to investigate how compliance with password guidelines and...
Analyzing the role of cognitive and cultural biases in the internalization of information security policies: Recommendations for information security awareness programs
Standards and best practices for information security awareness programs focus on the content and processes of the programs, without taking into consideration how individuals internalize security-related information and how individuals make security related decisions....
Online safety begins with you and me: Convincing Internet users to protect themselves
This article delves into the persistent issue of individuals neglecting basic cybersecurity measures, despite the increasing reports of losses from security breaches. It emphasizes the importance of understanding the psychological factors that encourage users to adopt...
Improving your security awareness campaigns: Examples from behavioral science
This short blog post suggests cyber security awareness campaigns should not be run by IT but by human resources or standalone departments; that companies should quantify risks to guide cyber security investments; that awareness campaign effectiveness should be...
The sufficiency of the theory of planned behavior for explaining information security policy compliance
This paper aims to challenge the assumption that the theory of planned behaviour (TPB) includes all constructs that explain information security policy compliance and investigates if anticipated regret or constructs from the protection motivation theory add...
Experiments with security and privacy in IoT networks
We explore the risks to security and privacy in IoT networks by setting up an inexpensive home automation network and performing a set of experiments intended to study attacks and defenses. We focus on privacy preservation in home automation networks but our insights...
Investigating personal determinants of phishing and the effect of national culture
The purpose of the study was twofold: to investigate the correlation between a sample of personal psychological and demographic factors and resistance to phishing; and to investigate if national culture moderates the strength of these correlations. Intention to resist...
Scaring and bullying people into security won’t work
Users are more likely to respond to trustworthy and credible risk indicators that align with the threats they wish to evade. Security measures that frequently yield false positives erode the credibility of security protocols and condition users to disregard them. To...
Examining the distinct antecedents of E-mail habits and its influence on the outcomes of a phishing attack
This research investigates the link between social media phishing susceptibility and individual Facebook habits, particularly how these habits lead to victimization and its relation to email-based phishing. The study analyzes the precursors and effects of email habits...
“… no one can hack my mind”: Comparing expert and non-expert security practices
The state of advice given to people today on how to stay safe online has plenty of room for improvement. Too many things are asked of them, which may be unrealistic, time consuming, or not really worth the effort. To improve the security advice, our community must...
Empirical study on ICT system’s users’ risky behavior and security awareness
In this study, the authors gathered information on ICT users from different areas in Croatia with different knowledge, experience, working place, age and gender background in order to examine today's situation in the Republic of Croatia (n=701) regarding ICT users'...
Cleaning house: The impact of information technology monitoring on employee theft and productivity
This study explores the impact of technology-based employee monitoring on both misconduct and productivity in businesses. The research utilizes unique theft and sales data from 392 restaurants across five companies that implemented a theft monitoring information...
Leadership styles and information security compliance behavior: The mediator effect of information security awareness
Leadership styles play an important role in enhancing employees' information security awareness and may lead to proper information security compliance behavior. Therefore, the current study aims to investigate the indirect effect of leadership styles on user’s...
Organizational safety climate and supervisor safety enforcement: Multilevel explorations of the causes of accident underreporting
According to national surveillance statistics, over 3 million employees are injured each year; yet, research indicates that these may be substantial underestimates of the true prevalence. The purpose of the current project was to empirically test the hypothesis that...
A closer look into privacy and security of Chromecast multimedia cloud communications
Cloud computing has enabled a wide range of streaming multimedia applications and many HDMI based devices have emerged as a result. Chromecast is one of these devices that plugs into the HDMI port of a larger screen and turns it into a smart screen. With Chromecast,...
Scaling the security wall: Developing a security behavior intentions scale (SeBIS)
Despite the plethora of security advice and online education materials offered to end-users, there exists no standard measurement tool for end-user security behaviors. We present the creation of such a tool. We surveyed the most common computer security advice that...
Trust and distrust on the web: User experiences and website characteristics
This study aims to analyze the components of user experiences that cultivate trust and incite distrust on the internet, with a specific focus on the characteristics of websites that bolster trust or provoke distrust. We gathered data on users' experiences during...