An enhanced fear appeal rhetorical framework: Leveraging threats to the human asset through sanctioning rhetoric
Fear appeals, which are used widely in information security campaigns, have become common tools in motivating individual compliance with information security policies and procedures. However, empirical assessments of the effectiveness of fear appeals have yielded...
The social psychology of cybersecurity
As the fields of HCI, cybersecurity and psychology continue to grow and diversify there is greater overlap between these areas and new opportunities for interdisciplinary collaboration. This paper argues for a focus specifically on the role of social psychology in...
True (but not false) memories are subject to retrieval-induced forgetting in children
This paper's researchers studied the concept of retrieval-induced forgetting in children. Researchers found that while actual memories were indeed subject to retrieval-induced forgetting, false memories were not. The finding suggests cue independence – the idea of cues...
Predicting privacy and security attitudes
While individual differences in decision-making have been examined within the social sciences for several decades, this research has only recently begun to be applied by computer scientists to examine privacy and security attitudes (and ultimately behaviors)....
NoPhish app evaluation: Lab and retention study
Phishing is a prevalent issue of today’s Internet. Previous approaches to counter phishing do not draw on a crucial factor to combat the threat - the users themselves. We believe user education about the dangers of the Internet is a further key strategy to combat...
The professionalisation of information security: Perspectives of UK practitioners
As businesses face growing cyber threats, governments in the UK and the US are making strides in the professional development and recognition of information security practitioners. This qualitative research provides the first academic investigation into the attitudes...
Privacy and human behavior in the age of information
This review summarizes and draws connections between diverse streams of empirical research on privacy behavior. We use three themes to connect insights from social and behavioral sciences: people’s uncertainty about the consequences of privacy-related behaviors and...
The self-efficacy variable in behavioral information security research
There is a lack of consistent use of measurements for factors related to people's information security behavior. Specifically, a conceptually relaxed utilization of the variable "self-efficacy" makes it difficult for researchers to perform meaningful cross-study...
Unpacking security policy compliance: The motivators and barriers of employees’ security behaviors
The body of research that focuses on employees’ Information Security Policy compliance is problematic as it treats compliance as a single behavior. This study explored the underlying behavioral context of information security in the workplace, exploring how individual...
Spear-phishing in the wild: A real-world study of personality, phishing self-efficacy and vulnerability to spear-phishing attacks
Recent research has begun to focus on the factors that cause people to respond to phishing attacks. In this study a real-world spear-phishing attack was performed on employees in organizational settings in order to examine how users’ personality, attitudinal and...
Information security in the workplace: A mixed-methods approach to understanding and improving security behaviours
The thesis identified influencers and barriers to specific security behaviours and developed an extended-Protection Motivation Theory model. The model includes information sensitivity appraisal as an important influencer for which a new scale (WISA) was developed and...
Effects of cyber security knowledge on attack detection
Ensuring cyber security is a complex task that relies on domain knowledge and requires cognitive abilities to determine possible threats from large amounts of network data. This study investigates how knowledge in network operations and information security influence...
Individual differences in cyber security behaviors: An examination of who is sharing passwords
In spite of the number of public advice campaigns, researchers have found that individuals still engage in risky password practices. There is a dearth of research available on individual differences in cyber security behaviors. This study focused on the risky practice...
Perceived information security risk as a function of probability and severity
Information security risks are frequently assessed in terms of the probability that a threat will be realized and the severity of the consequences of a realized threat. In methods and manuals, the product of this probability and severity is often thought of as the...
Understanding nonmalicious security violations in the workplace: A composite behavior model
End users are said to be "the weakest link" in information systems (IS) security management in the workplace. They often knowingly engage in certain insecure uses of IS and violate security policies without malicious intentions. Few studies, however, have examined end...
Reading this may harm your computer: The psychology of malware warnings
Internet users face large numbers of security warnings, which they mostly ignore. To improve risk communication, warnings must be fewer but better. We report an experiment on whether compliance can be increased by using some of the social-psychological techniques the...
Reducing risky security behaviours: Utilising affective feedback to educate users
Despite the number of tools created to help end-users reduce risky security behaviours, users are still falling victim to online attacks. This paper proposes a browser extension utilising affective feedback to provide warnings on detection of risky behaviour. The...
Promoting online safety among adolescents: Enhancing coping self-efficacy and protective behaviors through enactive mastery
This chapter presents a framework for developing programs aimed at promoting safer behavior among adolescents. It introduces the concept of 'involvement' to the protection motivation theory literature, highlighting its importance in devising effective campaigns for...
Increasing security sensitivity with social proof: A large-scale experimental confirmation
One of the largest outstanding problems in computer security is the need for higher awareness and use of available security tools. One promising but largely unexplored approach is to use social proof: by showing people that their friends use security features, they...
An extended perspective on individual security behaviors
Security threats regularly affect users of home computers. As such, it is important to understand the practices of users for protecting their computers and networks, and to identify determinants of these practices. Several recent studies utilize Protection Motivation...
Cyber situational awareness – A systematic review of the literature
Cyber situational awareness is attracting much attention. It features prominently in the national cyber strategies of many countries, and there is a considerable body of research dealing with it. However, until now, there has been no systematic and up-to-date review...