Measuring expertise and bias in cyber security using cognitive and neuroscience approaches
Toward the ultimate goal of enhancing human performance in cyber security, we attempt to understand the cognitive components of cyber security expertise. Our initial focus is on cyber security attackers – often called “hackers”. Our first aim is to develop behavioral...
Alice in warningland: A large-scale field study of browser security warning effectiveness
We empirically assess whether browser security warnings are as ineffective as suggested by popular opinion and previous literature. We used Mozilla Firefox and Google Chrome’s in-browser telemetry to observe over 25 million warning impressions in situ. During our...
Using behavioral economics for postsecondary success
Many programs that aim to help individuals in postsecondary education underperform because humans do not behave in an expected, rational way. This report suggests that behavioural economics can provide insight into how people behave and make...
Poverty impedes cognitive function
This paper suggests that poverty impedes cognitive functioning, as poverty-related concerns require a lot of mental resources and leave less space for other cognitive tasks. The thesis was indicated through 2 studies. Implications include avoiding cognitively taxing...
Comprehensive study on cybercrime
An in-depth and thorough study into the world of global cybercrime which highlights lessons learned from current and past cyber efforts. The study explores the global state of cybercrime, the challenges we face as we move into a digitally connected society and...
Cyber security: A longitudinal examination of undergraduate behavior and perceptions
Internet fraud continues to be a challenge in the business world. This study was undertaken to expand upon a previous study and determine if undergraduate students are at a similar cyber security risk. Findings suggest that spam and phishing are becoming less...
Improving mental models of computer security through information graphics
Many users have difficulties making effective security decisions. Education is one way to improve users’ mental models of computer security, but a common challenge is that users are not motivated to learn about security. We propose that a visual approach to education...
“Little brothers watching you:” Raising awareness of data leaks on smartphones
Today’s smartphone applications expect users to make decisions about what information they are willing to share, but fail to provide sufficient feedback about which privacy sensitive information is leaving the phone, as well as how frequently and with which entities...
The relationship between job insecurity and accident under-reporting: A test in two countries
While the issue of under-reporting accidents is becoming more acknowledged in literature, there is less understanding regarding the work environment factors that predict the severity of such under-reporting. This paper analyses data from 786 employees across 24 US...
Writing down your password: Does it help?
Users are able to remember their phone numbers and postal codes, their student numbers, PIN numbers, and social insurance numbers. Why, then, do users have trouble remembering their passwords? This paper considers the hypothesis that being able to access written notes...
“Fairly truthful”: The impact of perceived effort, fairness, relevance, and sensitivity on personal data disclosure
While personal data is a source of competitive advantage, businesses should consider the potential reaction of individuals to certain types of data requests. Privacy research has identified some factors that impact privacy perceptions, but these have not yet been...
“Comply or die is dead”: Long live security-aware principal agents
Information security has adapted to the modern collaborative organisational nature, and abandoned “command-and-control” approaches of the past. But when it comes to managing employees’ information security behaviour, many organisations still use policies proscribing...
Are home internet users willing to pay ISPs for improvements in cyber security?
One strategy for improving cyber security would be for Internet service providers (ISPs) to take a more active role in curtailing criminal behavior over the Internet. However, few ISPs today are offering robust security to their customers, arguing that home Internet...
A review of the theory of planned behaviour in the context of information security policy compliance
The behaviour of employees influences information security in virtually all organisations. To inform the employees regarding what constitutes desirable behaviour, an information security policy can be formulated and communicated. However, not all employees comply with...
What kind of interventions can help users from falling for phishing attempts: A research proposal for examining stage-appropriate interventions
Because successful phishing attacks are expensive to society, it is imperative to understand how to promote protective behavior for IS end-users. Our research program in progress will extend IS Security research by empirically testing a theoretical hybrid...
Information security behavior: Towards multi-stage model
In order to ensure that employees abide by their organizations’ Information Security Policies (ISP), a number of information security policy compliance measures have been proposed in the past. If different factors can explain/predict the information security behavior...
Motivating the insider to protect organizational information assets: Evidence from protection motivation theory and rival explanations
This research investigates the factors that motivate employees to protect their organizations from information security threats via protection-motivated behaviors (PMBs). A model founded on Protection Motivation Theory (PMT) and several rival explanations is assessed...
Contextualized web warnings, and how they cause distrust
Current warnings in Web browsers are difficult to understand for lay users. We address this problem through more concrete warning content by contextualizing the warning – for example, taking the user’s current intention into account in order to name concrete...
Human aspects of information security: An empirical study of intentional versus actual behavior
Purpose – A significant amount of empirical research has been conducted on the socio‐economic (sociological, psychological, economic) aspects of information security, such as the phenomenon of individuals who are willing to take security measures, but often do not....
Phishing and organisational learning
The importance of addressing the human aspect in information security has grown over the past few years. One of the most frequent techniques used to obtain private or confidential information from humans is phishing. One way to combat these phishing scams is to have...
Information security culture – state-of-the-art review between 2000 and 2013
Purpose – The aim of this paper is to survey existing information security culture research to scrutinise the kind of knowledge that has been developed and the way in which this knowledge has been brought about. Design/methodology/approach – Results are based on a...