Information security awareness: Comparing perceptions and training preferences
Use of the Internet has become our second nature. With each passing day computers and mobile devices are becoming ubiquitous in our society. In this backdrop the confidentiality of information is now a question of paramount importance. It is understood fact now that...
Effects of self-relevant perspective-taking on the impact of persuasive appeals
Researchers offer participants persuasive communications in the form of charitable appeals and commercial advertisements. By drawing the attention of the participant to how similar they are with either a victim of misfortune (in a charitable appeal) or a protagonist...
Security threat report 2014
The 2014 Security Threat Report discusses the evolution of the cyber threat landscape. It suggests that less skilled cybercriminals are being pushed out of the market, leading to a survival of the fittest scenario. This evolution is expected to result in fewer, but...
Control-related motivations and information security policy compliance: The role of autonomy and efficacy
Employees’ failures to follow information security policy can be costly to organizations, causing organizations to implement security controls to motivate secure behavior. Information security research has explored many control-related motivations (e.g.,...
Guide to measuring privacy concern: Review of survey and observational instruments
The ongoing debate about online privacy attests to the concerns of web users. These privacy anxieties encourage consumers to adopt data protection features, shape their valuation of existing features, and can guide their preferences among competing businesses....
National safety management society October 2013 digest (O’Neill exemplifies safety leadership)
The O'Neill Exemplifies Safety Leadership subsection of this NSMS Digest focuses on former secretary of the U.S. Treasury Paul O'Neill's advocacy of transparency in safety measures. O'Neill argues for real-time information on who may have had their safety...
From information security to cyber security
This paper discusses the common misconception of using the terms cyber security and information security interchangeably. While there is a significant overlap between the two, they are not entirely synonymous. The paper suggests that cyber security extends beyond the...
Restrictive deterrent effects of a warning banner in an attacked computer system
System trespassing by computer intruders is a growing concern among millions of Internet users. However, little research has employed criminological insights to explore the effectiveness of security means to deter unauthorized access to computer systems. Drawing on...
Investigating phishing victimization with the Heuristic-Systematic model: A theoretical framework and an exploration
To the extent that phishing has become a serious threat to information security, there has been rather limited theory-grounded research on this burgeoning phenomenon. In this paper, we develop a theoretical model of victimization by phishing based on the...
Home user security - from thick security-oriented home users to thin security-oriented home users
In the technological world in which we live, access to the Internet is no longer a luxury. Rather, it is a necessity and a lifeline to many. The Internet is used, amongst other things, for obtaining information, for doing business and for social networking. However,...
Understanding the violation of IS security policy in organizations: An integrated model based on social control and deterrence theory
It is widely agreed that a large amount of information systems (IS) security incidents occur in the workplace because employees subvert existing IS Security Policy (ISSP). In order to understand the factors that constrain employees from deviance and violation of the...
Keeping up with the Joneses: Assessing phishing susceptibility in an email task
Most prior research on preventing phishing attacks focuses on technology to identify and prevent the delivery of phishing emails. The current study supports an ongoing effort to develop a user-profile that predicts when phishing attacks will be successful. We sought...
Can we sell security like soap?: A new approach to behaviour change
Many organisations run security awareness programmes with the aim of improving end user behaviours around information security. Yet behavioural research tells us that raising awareness will not necessarily lead to behaviour change. In this paper we examine the...
Going spear phishing: Exploring embedded training and awareness
To explore the effectiveness of embedded training, researchers conducted a large-scale experiment that tracked workers' reactions to a series of carefully crafted spear phishing emails and a variety of immediate training and awareness activities. Based on behavioral...
Measuring expertise and bias in cyber security using cognitive and neuroscience approaches
Toward the ultimate goal of enhancing human performance in cyber security, we attempt to understand the cognitive components of cyber security expertise. Our initial focus is on cyber security attackers – often called “hackers”. Our first aim is to develop behavioral...
Alice in warningland: A large-scale field study of browser security warning effectiveness
We empirically assess whether browser security warnings are as ineffective as suggested by popular opinion and previous literature. We used Mozilla Firefox and Google Chrome’s in-browser telemetry to observe over 25 million warning impressions in situ. During our...
Using behavioral economics for postsecondary success
Many programs that aim to help individuals in postsecondary education underperform because humans do not behave in an expected, rational way. This report suggests that behavioural economics can provide an insight into how people behave and make...
Poverty impedes cognitive function
This paper suggests that poverty impedes cognitive functioning, as poverty-related concerns require a lot of mental resources and leave less space for other cognitive tasks. The thesis was indicated through 2 studies. Implications include avoiding cognitively taxing...
Comprehensive study on cybercrime
An in-depth and thorough study into the world of global cybercrime which highlights lessons learned from current and past cyber efforts. The study explores the global state of cybercrime, the challenges we face as we move into a digitally connected society and...
Cyber security: A longitudinal examination of undergraduate behavior and perceptions
Internet fraud continues to be a challenge in the business world. This study was undertaken to expand upon a previous study and determine if undergraduate students are at a similar cyber security risk. Findings suggest that spam and phishing are becoming less...
Improving mental models of computer security through information graphics
Many users have difficulties making effective security decisions. Education is one way to improve users’ mental models of computer security, but a common challenge is that users are not motivated to learn about security. We propose that a visual approach to education...