Mental models in warnings message design: A review and two case studies
This paper delves into the process of how individuals acquire, assess, and process data, specifically examining the psychology of risk perception to pinpoint essential factors for crafting effective messages. The application of the mental models methodology in risk...
Stop clicking on “update later”: Persuading users they need up-to-date antivirus protection
Online security advice aims to persuade users to behave securely, but appears to have limited effects at changing behaviour. We propose security advice targeted at end-users should employ visual rhetoric to form an effective, memorable, and persuasive method of...
Mental models of software updates
One of the largest preventable sources of computer compromise is old software that has not been updated with the latest security-related updates. Security updates correct known vulnerabilities in software and protect the computer from future attacks. However, users do...
Unethical information security behavior and organizational commitment
In this chapter, the author investigates the relationships between unethical behaviors from the viewpoint of information security and organizational commitment by analyzing micro data collected from a survey the author conducted in March 2012. As a result, at first,...
The ‘privacy paradox’ in the social web: The impact of privacy concerns, individual characteristics, and the perceived social relevance on different forms of self-disclosure
Given the diffusion of the Social Web and increased disclosure of personal information online, the ‘privacy paradox’ suggests that while Internet users are concerned about privacy, their behaviors do not mirror those concerns. This study investigates the potential...
Consumerisation of IT: Mitigating risky user actions and improving productivity with nudging
In this work we address the main issues of IT consumerisation that are related to security risks, and propose a ‘soft’ mitigation strategy for user actions based on nudging, widely applied to health and social behaviour influence. In particular, we propose a...
Heuristics and biases in cyber security dilemmas
We carried out two behavioural experiments to investigate if and how cybersecurity decision-making responses are influenced by gain-loss framing and the prominence of a primed recall of a previous experience. In the first experiment, we adjusted the frame (gain vs....
Counteracting phishing through HCI: Detecting attacks and warning users
Within nine different research projects about phishing protection this thesis gives answers to ten different research questions in the areas of creating new phishing detectors (phishing detection) and providing usable user feedback for such systems (user...
Information security awareness: Comparing perceptions and training preferences
Use of the Internet has become our second nature. With each passing day computers and mobile devices are becoming ubiquitous in our society. Against this backdrop the confidentiality of information is now a question of paramount importance. It is an understood fact now that...
Effects of self-relevant perspective-taking on the impact of persuasive appeals
Researchers offer participants persuasive communications in the form of charitable appeals and commercial advertisements. By drawing the attention of the participant to how similar they are with either a victim of misfortune (in a charitable appeal) or a protagonist...
Security threat report 2014
The 2014 Security Threat Report discusses the evolution of the cyber threat landscape. It suggests that less skilled cybercriminals are being pushed out of the market, leading to a survival of the fittest scenario. This evolution is expected to result in fewer, but...
Control-related motivations and information security policy compliance: The role of autonomy and efficacy
Employees’ failures to follow information security policy can be costly to organizations, causing organizations to implement security controls to motivate secure behavior. Information security research has explored many control-related motivations (e.g.,...
Guide to measuring privacy concern: Review of survey and observational instruments
The ongoing debate about online privacy attests to the concerns of web users. These privacy anxieties encourage consumers to adopt data protection features, shape their valuation of existing features, and can guide their preferences among competing businesses....
National safety management society October 2013 digest (O’Neill exemplifies safety leadership)
The O'Neill Exemplifies Safety Leadership subsection of this NSMS Digest focuses on former secretary of the U.S. Treasury Paul O'Neill's advocacy of transparency in safety measures. O'Neill argues for real-time information on who may have had their safety...
From information security to cyber security
This paper discusses the common misconception of using the terms cyber security and information security interchangeably. While there is a significant overlap between the two, they are not entirely synonymous. The paper suggests that cyber security extends beyond the...
Restrictive deterrent effects of a warning banner in an attacked computer system
System trespassing by computer intruders is a growing concern among millions of Internet users. However, little research has employed criminological insights to explore the effectiveness of security means to deter unauthorized access to computer systems. Drawing on...
Investigating phishing victimization with the Heuristic-Systematic model: A theoretical framework and an exploration
To the extent that phishing has become a serious threat to information security, there has been rather limited theory-grounded research on this burgeoning phenomenon. In this paper, we develop a theoretical model of victimization by phishing based on the...
Home user security - from thick security-oriented home users to thin security-oriented home users
In the technological world in which we live, access to the Internet is no longer a luxury. Rather, it is a necessity and a lifeline to many. The Internet is used, amongst other things, for obtaining information, for doing business and for social networking. However,...
Understanding the violation of IS security policy in organizations: An integrated model based on social control and deterrence theory
It is widely agreed that a large amount of information systems (IS) security incidents occur in the workplace because employees subvert existing IS Security Policy (ISSP). In order to understand the factors that constrain employees from deviance and violation of the...
Keeping up with the Joneses: Assessing phishing susceptibility in an email task
Most prior research on preventing phishing attacks focuses on technology to identify and prevent the delivery of phishing emails. The current study supports an ongoing effort to develop a user-profile that predicts when phishing attacks will be successful. We sought...
Can we sell security like soap?: A new approach to behaviour change
Many organisations run security awareness programmes with the aim of improving end user behaviours around information security. Yet behavioural research tells us that raising awareness will not necessarily lead to behaviour change. In this paper we examine the...