Rewind

Given the diffusion of the Social Web and increased disclosure of personal information online, the ‘privacy paradox’ suggests that while Internet users are concerned about privacy, their behaviors do not mirror those concerns. This study investigates the potential...

In this work we address the main issues of IT consumerisation that are related to security risks, and propose a ‘soft’ mitigation strategy for user actions based on nudging, widely applied to health and social behaviour influence. In particular, we propose a...

We carried out two behavioural experiments to investigate if and how cybersecurity decision-making responses are influenced by gain-loss framing and the prominence of a primed recall of a previous experience. In the first experiment, we adjusted the frame (gain vs....

Within nine different research projects about phishing protection this thesis gives answers to ten different research questions in the areas of creating new phishing detectors (phishing detection) and providing usable user feedback for such systems (user...

Use of the Internet has become our second nature. With each passing day computers and mobile devices are becoming ubiquitous in our society. In this backdrop the confidentiality of information is now a question of paramount importance. It is understood fact now that...

Researchers offer participants persuasive communications in the form of charitable appeals and commercial advertisements. By drawing the attention of the participant to how similar they are with either a victim of misfortune (in a charitable appeal) or a protagonist...

The 2014 Security Threat Report discusses the evolution of the cyber threat landscape. It suggests that less skilled cybercriminals are being pushed out of the market, leading to a survival of the fittest scenario. This evolution is expected to result in fewer, but...

Employees’ failures to follow information security policy can be costly to organizations, causing organizations to implement security controls to motivate secure behavior. Information security research has explored many control-related motivations (e.g.,...

The ongoing debate about online privacy attests to the concerns of web users. These privacy anxieties encourage consumers to adopt data protection features, shape their valuation of existing features, and can guide their preferences among competing businesses....

This paper discusses the common misconception of using the terms cyber security and information security interchangeably. While there is a significant overlap between the two, they are not entirely synonymous. The paper suggests that cyber security extends beyond the...

System trespassing by computer intruders is a growing concern among millions of Internet users. However, little research has employed criminological insights to explore the effectiveness of security means to deter unauthorized access to computer systems. Drawing on...

To the extent that phishing has become a serious threat to information security, there has been rather limited theory-grounded research on this burgeoning phenomenon. In this paper, we develop a theoretical model of victimization by phishing based on the...

In the technological world in which we live, access to the Internet is no longer a luxury. Rather, it is a necessity and a lifeline to many. The Internet is used, amongst other things for obtaining information, for doing business and for social networking. However,...

It is widely agreed that a large amount of information systems (IS) security incidents occur in the workplace because employees subvert existing IS Security Policy (ISSP). In order to understand the factors that constrain employees from deviance and violation of the...

Most prior research on preventing phishing attacks focuses on technology to identify and prevent the delivery of phishing emails. The current study supports an ongoing effort to develop a user-profile that predicts when phishing attacks will be successful. We sought...

Many organisations run security awareness programmes with the aim of improving end user behaviours around information security. Yet behavioural research tells us that raising awareness will not necessarily lead to behaviour change. In this paper we examine the...

To explore the effectiveness of embedded training, researchers conducted a large-scale experiment that tracked workers' reactions to a series of carefully crafted spear phishing emails and a variety of immediate training and awareness activities. Based on behavioral...

Toward the ultimate goal of enhancing human performance in cyber security, we attempt to understand the cognitive components of cyber security expertise. Our initial focus is on cyber security attackers – often called “hackers”. Our first aim is to develop behavioral...

We empirically assess whether browser security warnings are as ineffective as suggested by popular opinion and previous literature. We used Mozilla Firefox and Google Chrome’s in-browser telemetry to observe over 25 million warning impressions in situ. During our...

Many programs that aim to help individuals in postsecondary education underperform due to the fact that humans do not behave in an expected, rational way. In this report, it’s suggested that behavioural economics can provide an insight into how people behave and make...