Rewind

Toward the ultimate goal of enhancing human performance in cyber security, we attempt to understand the cognitive components of cyber security expertise. Our initial focus is on cyber security attackers – often called “hackers”. Our first aim is to develop behavioral...

We empirically assess whether browser security warnings are as ineffective as suggested by popular opinion and previous literature. We used Mozilla Firefox and Google Chrome’s in-browser telemetry to observe over 25 million warning impressions in situ. During our...

Many programs that aim to help individuals in postsecondary education underperform due to the fact that humans do not behave in an expected, rational way. In this report, it’s suggested that behavioural economics can provide an insight into how people behave and make...

This paper suggests that poverty impedes cognitive functioning, as poverty-related concerns require a lot of mental resources and leave less space for other cognitive tasks. The thesis was indicated through 2 studies. Implications include avoiding cognitively taxing...

An in-depth and thorough study into the world of global cybercrime which highlights lessons learned from current and past cyber efforts. The study explores the global state of cybercrime, the challenges we face as we move into a digitally connected society and...

Internet fraud continues to be a challenge in the business world. This study was undertaken to expand upon a previous study and determine if undergraduate students are at a similar cyber security risk. Findings suggest that spam and phishing are becoming less...

Many users have difficulties making effective security decisions. Education is one way to improve users’ mental models of computer security, but a common challenge is that users are not motivated to learn about security. We propose that a visual approach to education...

Today’s smartphone applications expect users to make decisions about what information they are willing to share, but fail to provide sufficient feedback about which privacy sensitive information is leaving the phone, as well as how frequently and with which entities...

While the issue of under-reporting accidents is becoming more acknowledged in literature, there is less understanding regarding the work environment factors that predict the severity of such under-reporting. This paper analyses data from 786 employees across 24 US...

Users are able to remember their phone numbers and postal codes, their student numbers, PIN numbers, and social insurance numbers. Why, then, do users have trouble remembering their passwords? This paper considers the hypothesis that being able to access written notes...

While personal data is a source of competitive advantage, businesses should consider the potential reaction of individuals to certain types of data requests. Privacy research has identified some factors that impact privacy perceptions, but these have not yet been...

Information security has adapted to the modern collaborative organisational nature, and abandoned “command-and-control” approaches of the past. But when it comes to managing employee’s information security behaviour, many organisations still use policies proscribing...

One strategy for improving cyber security would be for Internet service providers (ISPs) to take a more active role in curtailing criminal behavior over the Internet. However, few ISPs today are offering robust security to their customers, arguing that home Internet...

The behaviour of employees influences information security in virtually all organisations. To inform the employees regarding what constitutes desirable behaviour, an information security policy can be formulated and communicated. However, not all employees comply with...

Because successful phishing attacks are expensive to society, it is imperative to understand how to promote protective behavior for IS end-users. Our research program in progress will extend IS Security research by empirically testing a theoretical hybrid...

In order to ensure that employees abide by their organizations’ Information Security Policies (ISP), a number of information security policy compliance measures have been proposed in the past. If different factors can explain/predict the information security behavior...

This research investigates the factors that motivate employees to protect their organizations from information security threats via protection-motivated behaviors (PMBs). A model founded on Protection Motivation Theory (PMT) and several rival explanations is assessed...

Current warnings in Web browsers are difficult to understand for lay users. We address this problem through more concrete warning content by contextualizing the warning – for example, taking the user’s current intention into account in order to name concrete...

Purpose – A significant amount of empirical research has been conducted on the socio‐economic (sociological, psychological, economic) aspects of information security, such as the phenomenon of individuals who are willing to take security measures, but often do not....

The importance of addressing the human aspect in information security has grown over the past few years. One of the most frequent techniques used to obtain private or confidential information from humans is phishing. One way to combat these phishing scams is to have...

Purpose – The aim of this paper is to survey existing information security culture research to scrutinise the kind of knowledge that has been developed and the way in which this knowledge has been brought about. Design/methodology/approach – Results are based on a...