A study of information security awareness in Australian government organisations
The purpose of this paper is to investigate the human-based information security (InfoSec) vulnerabilities in three Australian government organisations. A Web-based survey was developed to test attitudes, knowledge and behaviour across eight policy-based focus areas....
Using phishing experiments and scenario-based surveys to understand security behaviours in practice
The objective of this study was manifold: first, to examine security behaviors in real-life scenarios by scrutinizing elements that might compel an individual to comply with a request made by an attacker; second, to assess whether including victim-specific information...
Ten risky security behaviors to avoid: Protect your organization
You are a problem. You are a risk to your employer. The actions you take and the activities you perform at work, online, and even in your personal life put your employer at risk. You need to know how you are a security risk to the organization and what you can do to...
Perceptions of information security at the workplace: Linking information security climate to compliant behavior
A large number of information security breaches at the workplace result from employees’ failure to comply with organizational information security guidelines. Recent surveys report that 78% of computer attacks appear in the form of viruses embedded in email...
Comparing the impact of explicit and implicit resistance induction strategies on message persuasiveness
Researchers studied people's resistance to persuasion, testing traditional explicit warnings against implicit priming warnings. They found that simply reminding people of a situation in which someone attempted to influence them (i.e., implicit priming) was as effective in...
ABC of behaviour change theories
83 theories of behaviour change that could be used to design behaviour change interventions are discussed in detail.
User preference of cyber security awareness delivery methods
The modern era sees highly secure operating systems and software, resulting in cyber attackers focusing their efforts on exploiting human vulnerabilities to breach an organization's information systems. Given the growing number of cyber attacks aimed at unsuspecting...
Three domains of learning – Cognitive, affective, psychomotor
The distinguished expert in education and learning discusses the hierarchies of the three domains of learning. After discussing the different stages of cognitive learning, Owen Wilson discusses emotional learning and physical learning. The piece breaks each area of...
Work-related injury underreporting among young workers: Prevalence, gender differences, and explanations for underreporting
This paper discusses the issue of employees often not reporting lost-time work-related injuries, despite it being a legal requirement in many jurisdictions. Based on data from 21,345 young part-time Canadian workers (55% male), it was found that 21% of respondents had...
Habitual Facebook use and its impact on getting deceived on social media
This paper looks into how Facebook habits impact susceptibility to social engineering attacks via social media, concluding habitual Facebook users are significantly more likely to succumb to level 1 friend-request attacks than non-habitual users.
Password portfolios and the finite-effort user: Sustainably managing large numbers of accounts
We explore how to manage a portfolio of passwords. We review why mandating exclusively strong passwords with no re-use gives users an impossible task as portfolio size grows. We find that approaches justified by loss-minimization alone, and those that ignore important...
The effect of social influence on security sensitivity
Despite increased efforts to raise security sensitivity among the population, most individuals ignore security advice. This paper identified a few social influence processes – processes that influence the behaviours of individuals with words and...
Exploiting curiosity and context: How to make people click on a dangerous link despite their security awareness
This paper is the outcome of two studies in which university students’ responses to curiosity-inducing phishing emails were monitored.
Who’s afraid of which bad wolf? A survey of IT security risk awareness
The perception of risk has been established as an important part of the study of human aspects of security research. Similarly, risk awareness is often considered a central precursor for the adoption of security mechanisms and how people use them and interact with...
How task familiarity and cognitive predispositions impact behavior in a security game of timing
This paper addresses security and safety choices that involve a decision on the timing of an action. Examples of such decisions include when to check log files for intruders and when to monitor financial accounts for fraud or errors. To better understand how...
The social engineering personality framework
We explore Information and Communication Technology (ICT) security in a socio-technical world and focus in particular on the susceptibility to social engineering attacks. We pursue the question if and how personality traits influence this susceptibility. We use...
Out of the loop: How automated software updates cause unintended security consequences
When security updates are not installed, or installed slowly, end users are at an increased risk for harm. To improve security, software designers have endeavored to remove the user from the software update loop. However, user involvement in software updates remains...
Improving the prediction of users’ disclosure behavior… by making them disclose more predictably?
Taking a step beyond segmentation, privacy researchers have recently proposed privacy personalization or adaptation as an approach to assist users in their privacy decision making. Analyzing a number of datasets of users’ personal information disclosure behavior, we...
The password life cycle: User behaviour in managing passwords
Users need to keep track of many accounts and passwords. We conducted a series of interviews to investigate how users cope with these demanding tasks, and used Grounded Theory to analyze the interview results. We found that most users cope by reusing passwords and...
An empirical investigation of the factors that influence Internet user’s ability to correctly identify a phishing website
This research aims to explore the key factors influencing an Internet user's capacity to accurately identify a phishing website. We carried out quantitative research using a structured survey questionnaire and three experimental tasks. We gathered a total of 621 valid...
A critical reflection on the threat from human insiders – its nature, industry perceptions, and detection approaches
Organisations today operate in a world fraught with threats, including “script kiddies”, hackers, hacktivists and advanced persistent threats. Although these threats can be harmful to an enterprise, a potentially more devastating and anecdotally more likely threat is...