Rewind
All the content from last year’s PeepSec, Impact and flagship industry events
Cleaning house: The impact of information technology monitoring on employee theft and productivity
This study explores the impact of technology-based employee monitoring on both misconduct and productivity in businesses. The research utilizes unique theft and sales data from 392 restaurants across five companies that implemented a theft monitoring information...
Leadership styles and information security compliance behavior: The mediator effect of information security awareness
Leadership styles play an important role to enhance employee’s information security awareness and may lead to proper information security compliance behavior. Therefore, the current study aims to investigate the indirect effect of leadership styles on user’s...
Organizational safety climate and supervisor safety enforcement: Multilevel explorations of the causes of accident underreporting
According to national surveillance statistics, over 3 million employees are injured each year; yet, research indicates that these may be substantial underestimates of the true prevalence. The purpose of the current project was to empirically test the hypothesis that...
A closer look into privacy and security of Chromecast multimedia cloud communications
Cloud computing has enabled a wide range of streaming multimedia applications and many HDMI based devices have emerged as a result. Chromecast is one of these devices that plugs into the HDMI port of a larger screen and turns it into a smart screen. With Chromecast,...
Scaling the security wall: Developing a security behavior intentions scale (SeBIS)
Despite the plethora of security advice and online education materials offered to end-users, there exists no standard measurement tool for end-user security behaviors. We present the creation of such a tool. We surveyed the most common computer security advice that...
Trust and distrust on the web: User experiences and website characteristics
This study aims to analyze the components of user experiences that cultivate trust and incite distrust on the internet, with a specific focus on the characteristics of websites that bolster trust or provoke distrust. We gathered data on users' experiences during...
“Shadow Security” as a tool for the learning organization
Traditionally, organizations manage information security through policies and mechanisms that employees are expected to comply with. Noncompliance with security is regarded as undesirable, and often sanctions are threatened to deter it. But in a recent study, we...
An enhanced fear appeal rhetorical framework: Leveraging threats to the human asset through sanctioning rhetoric
Fear appeals, which are used widely in information security campaigns, have become common tools in motivating individual compliance with information security policies and procedures. However, empirical assessments of the effectiveness of fear appeals have yielded...
The social psychology of cybersecurity
As the fields of HCI, cybersecurity and psychology continue to grow and diversify there is greater overlap between these areas and new opportunities for interdisciplinary collaboration. This paper argues for a focus specifically on the role of social psychology in...
True (but not false) memories are subject to retrieval-induced forgetting in children
This paper's researchers studied the concept of retrieval-induced forgetting in children. Researchers found that while actual memories were indeed subject to retrieval-induced forgetting, false meories were not. The finding suggests cue indepedence – the idea of cues...
Predicting privacy and security attitudes
While individual differences in decision-making have been examined within the social sciences for several decades, this research has only recently begun to be applied by computer scientists to examine privacy and security attitudes (and ultimately behaviors)....
NoPhish app evaluation: Lab and retention study
Phishing is a prevalent issue of today’s Internet. Previous approaches to counter phishing do not draw on a crucial factor to combat the threat - the users themselves. We believe user education about the dangers of the Internet is a further key strategy to combat...
The professionalisation of information security: Perspectives of UK practitioners
As businesses face growing cyber threats, governments in the UK and the US are making strides in the professional development and recognition of information security practitioners. This qualitative research provides the first academic investigation into the attitudes...
Privacy and human behavior in the age of information
This review summarizes and draws connections between diverse streams of empirical research on privacy behavior. We use three themes to connect insights from social and behavioral sciences: people’s uncertainty about the consequences of privacy-related behaviors and...
The self-efficacy variable in behavioral information security research
There is a lack of consistent use of measurements for factors related to people's information security behavior. Specifically, a conceptually relaxed utilization of the variable "self-efficacy" makes it difficult for researchers to perform meaningful cross-study...
Unpacking security policy compliance: The motivators and barriers of employees’ security behaviors
The body of research that focuses on employees’ Information Security Policy compliance is problematic as it treats compliance as a single behavior. This study explored the underlying behavioral context of information security in the workplace, exploring how individual...
Spear-phishing in the wild: A real-world study of personality, phishing self-efficacy and vulnerability to spear-phishing attacks
Recent research has begun to focus on the factors that cause people to respond to phishing attacks. In this study a real-world spear-phishing attack was performed on employees in organizational settings in order to examine how users’ personality, attitudinal and...
Information security in the workplace: A mixed-methods approach to understanding and improving security behaviours
The thesis identified influencers and barriers to specific security behaviours and developed an extended-Protection Motivation Theory model. The model includes information sensitivity appraisal as an important influencer for which a new scale (WISA) was developed and...
Effects of cyber security knowledge on attack detection
Ensuring cyber security is a complex task that relies on domain knowledge and requires cognitive abilities to determine possible threats from large amounts of network data. This study investigates how knowledge in network operations and information security influence...
Individual differences in cyber security behaviors: An examination of who is sharing passwords
In spite of the number of public advice campaigns, researchers have found that individuals still engage in risky password practices. There is a dearth of research available on individual differences in cyber security behaviors. This study focused on the risky practice...
Perceived information security risk as a function of probability and severity
Information security risks are frequently assessed in terms of the probability that a threat will be realized and the severity of the consequences of a realized threat. In methods and manuals, the product of this probability and severity is often thought of as the...