Variables influencing information security policy compliance: A systematic review of quantitative studies
This paper aims to pinpoint the variables that impact compliance with organizational information security policies and to determine their significance. A systematic review of empirical studies from existing literature was conducted, with the variables investigated in...
Employees’ adherence to information security policies: An exploratory field study
This paper addresses the primary threat to information security, which is non-compliance with security policies by employees. A new model was developed, integrating elements from the Protection Motivation Theory, the Theory of Reasoned Action, and the Cognitive...
Using the health belief model to explore users’ perceptions of ‘being safe and secure’ in the world of technology mediated financial transactions
Fraudulent transactions occurring via the Internet or Automatic Teller Machines (ATMs) present a considerable problem for financial institutions and consumers alike. Whilst a number of technological improvements have helped reduce the likelihood of security breaches,...
Social cognitive determinants of non-malicious, counterproductive computer security behaviors (Ccsb): An empirical analysis
This study used a cross-sectional survey to test the relationships among social cognitive variables and employees' counterproductive computer security behaviors (CCSB). We used data collected from 201 professionals in Canadian organizations. Components from social...
Information systems security policy compliance: An empirical study of the effects of socialisation, influence, and cognition
This study investigated employees’ information systems security policy (ISSP) compliance behavioural intentions in organisations from the theoretical lenses of social bonding, social influence, and cognitive processing. Given that previous research on ISSP compliance...
Analysis of unintentional insider threats deriving from social engineering exploits
This paper reports on the researchers' efforts to collect and analyse data on unintentional insider threats, noting how difficult data collection and analysis is in this area. The researchers note that overcoming data collection and analysis issues is and will be necessary...
Do it OR ELSE! Exploring the effectiveness of deterrence on employee compliance with information security policies
Organizations have long relied upon the threat of sanctions to influence employees to follow information security policies. Unfortunately, the belief in the power of deterrence has provided mixed results in both research and in real life. This study explored the...
Using behavioural insights to improve the public’s use of cyber security best practices
Behavioural change theory suggests influencers of behavioural change include environmental factors (such as technological design), social influencers (such as peers or family) and personal influencers (such as what we know and believe). Using the MINDSPACE framework...
Information security culture: A definition and a literature review
Information security culture guides how things are done in an organization with regard to information security, with the aim of protecting the information assets and influencing employees’ security behavior. In this paper, we review key literature on information security...
Improving compliance with password guidelines: How user perceptions of passwords and security threats affect compliance with guidelines
Passwords have long been the preferred method of user authentication, yet poor password practices cause security issues. The study described in this paper investigates how user perceptions of passwords and security threats affect intended compliance with guidelines...
From weakest link to security hero: Transforming staff security behavior
Software engineering researcher Shari Lawrence Pfleeger and her co-authors review the latest psychological research on moral values and habit formation, discussing how principles and theories can be leveraged to encourage people to behave in a cyber secure manner....
Mental models in warnings message design: A review and two case studies
This paper delves into the process of how individuals acquire, assess, and process data, specifically examining the psychology of risk perception to pinpoint essential factors for crafting effective messages. The application of the mental models methodology in risk...
Stop clicking on “update later”: Persuading users they need up-to-date antivirus protection
Online security advice aims to persuade users to behave securely, but appears to have limited effects at changing behaviour. We propose security advice targeted at end-users should employ visual rhetoric to form an effective, memorable, and persuasive method of...
Mental models of software updates
One of the largest preventable sources of computer compromise is old software that has not been updated with the latest security-related updates. Security updates correct known vulnerabilities in software and protect the computer from future attacks. However, users do...
Unethical information security behavior and organizational commitment
In this chapter, the author investigates the relationships between unethical behaviors from the viewpoint of information security and organizational commitment by analyzing micro data collected from a survey the author conducted in March 2012. As a result, at first,...
The ‘privacy paradox’ in the social web: The impact of privacy concerns, individual characteristics, and the perceived social relevance on different forms of self-disclosure
Given the diffusion of the Social Web and increased disclosure of personal information online, the ‘privacy paradox’ suggests that while Internet users are concerned about privacy, their behaviors do not mirror those concerns. This study investigates the potential...
Consumerisation of IT: Mitigating risky user actions and improving productivity with nudging
In this work we address the main issues of IT consumerisation that are related to security risks, and propose a ‘soft’ mitigation strategy for user actions based on nudging, widely applied to health and social behaviour influence. In particular, we propose a...
Heuristics and biases in cyber security dilemmas
We carried out two behavioural experiments to investigate if and how cybersecurity decision-making responses are influenced by gain-loss framing and the prominence of a primed recall of a previous experience. In the first experiment, we adjusted the frame (gain vs....
Counteracting phishing through HCI: Detecting attacks and warning users
Within nine different research projects about phishing protection this thesis gives answers to ten different research questions in the areas of creating new phishing detectors (phishing detection) and providing usable user feedback for such systems (user...
Information security awareness: Comparing perceptions and training preferences
Use of the Internet has become second nature to us. With each passing day computers and mobile devices are becoming ubiquitous in our society. Against this backdrop the confidentiality of information is now a question of paramount importance. It is now an understood fact that...
Effects of self-relevant perspective-taking on the impact of persuasive appeals
Researchers offer participants persuasive communications in the form of charitable appeals and commercial advertisements. By drawing the attention of the participant to how similar they are with either a victim of misfortune (in a charitable appeal) or a protagonist...