Who’s afraid of which bad wolf? A survey of IT security risk awareness
The perception of risk has been established as an important part of the study of human aspects of security research. Similarly, risk awareness is often considered a central precursor for the adoption of security mechanisms and how people use them and interact with...
How task familiarity and cognitive predispositions impact behavior in a security game of timing
This paper addresses security and safety choices that involve a decision on the timing of an action. Examples of such decisions include when to check log files for intruders and when to monitor financial accounts for fraud or errors. To better understand how...
The social engineering personality framework
We explore Information and Communication Technology (ICT) security in a socio-technical world and focus in particular on the susceptibility to social engineering attacks. We pursue the question if and how personality traits influence this susceptibility. We use...
Out of the loop: How automated software updates cause unintended security consequences
When security updates are not installed, or installed slowly, end users are at an increased risk for harm. To improve security, software designers have endeavored to remove the user from the software update loop. However, user involvement in software updates remains...
Improving the prediction of users’ disclosure behavior… by making them disclose more predictably?
Taking a step beyond segmentation, privacy researchers have recently proposed privacy personalization or adaptation as an approach to assist users in their privacy decision making. Analyzing a number of datasets of users’ personal information disclosure behavior, we...
The password life cycle: User behaviour in managing passwords
Users need to keep track of many accounts and passwords. We conducted a series of interviews to investigate how users cope with these demanding tasks, and used Grounded Theory to analyze the interview results. We found that most users cope by reusing passwords and...
An empirical investigation of the factors that influence Internet user’s ability to correctly identify a phishing website
This research aims to explore the key factors influencing an Internet user's capacity to accurately identify a phishing website. We carried out quantitative research using a structured survey questionnaire and three experimental tasks. We gathered a total of 621 valid...
A critical reflection on the threat from human insiders – its nature, industry perceptions, and detection approaches
Organisations today operate in a world fraught with threats, including “script kiddies”, hackers, hacktivists and advanced persistent threats. Although these threats can be harmful to an enterprise, a potentially more devastating and anecdotally more likely threat is...
Applying protection motivation theory to information security training for college students
As Internet and Web technologies have been used in different fields by various organizations, cyber security has become a significant public concern for the society as a whole. There is a broad consensus on the need for broader and better training and education of the...
IT security policies and employee compliance: The effects of organizational environment
A major threat to IT security in today’s business world is the simple problem of careless employees choosing not to comply with security policies and guidelines. Many studies have been done to track the reasoning behind this problem and try to find a solution. To...
An exploratory investigation of message-person congruence in information security awareness campaigns
In this study, we sought to answer the question of whether certain information security awareness message themes are more or less effective for different types of individuals based on their personality traits. We considered five message themes (deterrence, morality,...
Predicting Facebook users’ online privacy protection: Risk, trust, norm focus theory, and the theory of planned behavior
The present research adopts an extended theory of the planned behavior model that included descriptive norms, risk, and trust to investigate online privacy protection in Facebook users. Facebook users (N = 119) completed a questionnaire assessing their attitude,...
Is the influence of privacy and security on online trust the same for all type of consumers?
This article analyzes the relationships among online trust and two of its most important antecedents, namely privacy and security, and explains how consumers’ characteristics (gender, age, education and extraversion), moderate the influence of both privacy and...
Why deterrence is not enough: The role of endogenous motivations on employees’ information security behavior
Information systems security (ISS) is an increasingly critical issue for companies worldwide. In 2013 cybercrime has caused losses worth US $113 billion affecting 378m victims (Norton Symantec Cybercrime Report 2013). Besides criminal attacks and system malfunctions,...
Nudging whom how: IT proficiency, impulse control and secure behaviour
This paper considers the utility of employing behavioural nudges to change security-related behaviours. We examine the possibility that the effectiveness of nudges may depend on individual user characteristics – which represents a starting point for more personalized...
Security literacy: The missing link in today’s online society?
With the successive revolutions in personal computing, Internet access, and mobility, the last few decades have seen an unprecedented period of technological growth and accompanying information access. While most of the consequences have been positive, and in many...
Sensitizing employees’ corporate IS security risk perception
Motivated by recent practical observations of employees’ unapproved sourcing of cloud services at work, this study empirically evaluates bring your own cloud (BYOC) policies and social interactions of the IT department to sensitize employees’ security risk perception....
Chatbot for IT security training: Using motivational interviewing to improve security behaviour
We conduct a pre-study with 25 participants on Mechanical Turk to find out which security behavioural problems are most important for online users. These questions are based on motivational interviewing (MI), an evidence-based treatment methodology that enables to...
Determining employee awareness using the human aspects of information security questionnaire (HAIS-Q)
This paper delves into the realm of Cyber Security Awareness Campaigns, with a specific focus on identifying critical factors that may hinder their effectiveness in driving behavioral change. Despite past and ongoing efforts to enhance information security practices...
Using personal examples to improve risk communication for security & privacy decisions
IT security systems often attempt to support users in taking a decision by communicating associated risks. However, a lack of efficacy as well as problems with habituation in such systems are well known issues. In this paper, we propose to leverage the rich set of...
A field trial of privacy nudges for Facebook
This study explores the design of two modifications to the Facebook web interface aimed at nudging users to consider their online disclosures more carefully. The modifications, reminders about the audience of posts and a time delay before publishing, were evaluated in...