Improving the prediction of users’ disclosure behavior… by making them disclose more predictably?
Taking a step beyond segmentation, privacy researchers have recently proposed privacy personalization or adaptation as an approach to assist users in their privacy decision making. Analyzing a number of datasets of users’ personal information disclosure behavior, we...
The password life cycle: User behaviour in managing passwords
Users need to keep track of many accounts and passwords. We conducted a series of interviews to investigate how users cope with these demanding tasks, and used Grounded Theory to analyze the interview results. We found that most users cope by reusing passwords and...
An empirical investigation of the factors that influence Internet user’s ability to correctly identify a phishing website
This research aims to explore the key factors influencing an Internet user's capacity to accurately identify a phishing website. We carried out quantitative research using a structured survey questionnaire and three experimental tasks. We gathered a total of 621 valid...
A critical reflection on the threat from human insiders – its nature, industry perceptions, and detection approaches
Organisations today operate in a world fraught with threats, including “script kiddies”, hackers, hacktivists and advanced persistent threats. Although these threats can be harmful to an enterprise, a potentially more devastating and anecdotally more likely threat is...
Applying protection motivation theory to information security training for college students
As Internet and Web technologies have been used in different fields by various organizations, cyber security has become a significant public concern for the society as a whole. There is a broad consensus on the need for broader and better training and education of the...
IT security policies and employee compliance: The effects of organizational environment
A major threat to IT security in today’s business world is the simple problem of careless employees choosing not to comply with security policies and guidelines. Many studies have been done to track the reasoning behind this problem and try to find a solution. To...
An exploratory investigation of message-person congruence in information security awareness campaigns
In this study, we sought to answer the question of whether certain information security awareness message themes are more or less effective for different types of individuals based on their personality traits. We considered five message themes (deterrence, morality,...
Predicting Facebook users’ online privacy protection: Risk, trust, norm focus theory, and the theory of planned behavior
The present research adopts an extended theory of the planned behavior model that included descriptive norms, risk, and trust to investigate online privacy protection in Facebook users. Facebook users (N = 119) completed a questionnaire assessing their attitude,...
Is the influence of privacy and security on online trust the same for all type of consumers?
This article analyzes the relationships among online trust and two of its most important antecedents, namely privacy and security, and explains how consumers’ characteristics (gender, age, education and extraversion), moderate the influence of both privacy and...
Why deterrence is not enough: The role of endogenous motivations on employees’ information security behavior
Information systems security (ISS) is an increasingly critical issue for companies worldwide. In 2013 cybercrime has caused losses worth US $113 billion affecting 378m victims (Norton Symantec Cybercrime Report 2013). Besides criminal attacks and system malfunctions,...
Nudging whom how: IT proficiency, impulse control and secure behaviour
This paper considers the utility of employing behavioural nudges to change security-related behaviours. We examine the possibility that the effectiveness of nudges may depend on individual user characteristics – which represents a starting point for more personalized...
Security literacy: The missing link in today’s online society?
With the successive revolutions in personal computing, Internet access, and mobility, the last few decades have seen an unprecedented period of technological growth and accompanying information access. While most of the consequences have been positive, and in many...
Sensitizing employees’ corporate IS security risk perception
Motivated by recent practical observations of employees’ unapproved sourcing of cloud services at work, this study empirically evaluates bring your own cloud (BYOC) policies and social interactions of the IT department to sensitize employees’ security risk perception....
Chatbot for IT security training: Using motivational interviewing to improve security behaviour
We conduct a pre-study with 25 participants on Mechanical Turk to find out which security behavioural problems are most important for online users. These questions are based on motivational interviewing (MI), an evidence-based treatment methodology that enables to...
Determining employee awareness using the human aspects of information security questionnaire (HAIS-Q)
This paper delves into the realm of Cyber Security Awareness Campaigns, with a specific focus on identifying critical factors that may hinder their effectiveness in driving behavioral change. Despite past and ongoing efforts to enhance information security practices...
Using personal examples to improve risk communication for security & privacy decisions
IT security systems often attempt to support users in taking a decision by communicating associated risks. However, a lack of efficacy as well as problems with habituation in such systems are well known issues. In this paper, we propose to leverage the rich set of...
A field trial of privacy nudges for Facebook
This study explores the design of two modifications to the Facebook web interface aimed at nudging users to consider their online disclosures more carefully. The modifications, reminders about the audience of posts and a time delay before publishing, were evaluated in...
“My religious aunt asked why I was trying to sell her viagra”: Experiences with account hijacking
With so much of our lives digital, online, and not entirely under our control, we risk losing access to our communications, reputation, and data. Recent years have brought a rash of high-profile account compromises, but account hijacking is not limited to high-profile...
Betrayed by updates: How negative experiences affect future security
This paper discusses the importance of installing security-relevant software updates as a key computer protection mechanism. Interviews with non-expert Windows users revealed that negative experiences with past updates often lead users to decide against installing...
Decision-making under risk: Integrating perspectives from Biology, Economics, and Psychology
This review critiques four influential theories of decision-making from economics, psychology, and biology: expected utility theory; prospect theory; risk-sensitivity theory; and heuristic approaches. After doing so, it offers suggestions for integrating theories from...
Evaluating social media privacy settings for personal and advertising purposes
The purpose of this paper is to define two types of privacy, which are distinct but often reduced to each other. It also investigates which form of privacy is most prominent in privacy settings of online social networks (OSN). Privacy between users is different from...