Exploring the role of individual employee characteristics and personality on employee compliance with cybersecurity policies
This study finds individuals with differing personality traits react differently to the same conditions, and thus cyber security training should be tailored based on individual needs.
Similarities and differences between working memory and long-term memory: Evidence from the levels-of-processing span task
This paper tests the effects of depth of processing on both working memory and long-term memory. The results indicate that the depth of processing had little effect on working memory tests; however, the typical benefits of semantic processing were seen in long term...
On the security of password manager database formats
Findings from this paper show that most password managers are easily broken and use storage formats that are easily accessible, even to weak adversaries. The work does, however, show that it is possible to theoretically construct a format that is secure, that’s usable...
Research article phishing susceptibility: An investigation into the processing of a targeted spear phishing email
Research problem: Phishing is an email-based scam where a perpetrator camouflages emails to appear as a legitimate request for personal and sensitive information. Research question: How do individuals process a phishing email, and determine whether to respond to it?...
The psychology of security for the home computer user
The home computer user is often said to be the weakest link in computer security. They do not always follow security advice, and they take actions, as in phishing, that compromise themselves. In general, we do not understand why users do not always behave safely,...
Security services as coping mechanisms: An investigation into user intention to adopt an email authentication service
Email plays an important role in the digital economy but is threatened by increasingly sophisticated cybercrimes. A number of security services have been developed, including an email authentication service designed to cope with email threats. It remains unknown how...
Compliant sinners, obstinate saints: How power and self-focus determine the effectiveness of social influences in ethical decision making
Researchers test how power and self-focus moderate the effectiveness of social influence in decision-making. They find those with more power and self-focus to be less affected by social influence when making ethical decisions.
Stories as informal lessons about security
Non-expert computer users frequently face security-related decisions, and while their choices are often not optimal, they are not random. This raises the question: what informs these decisions? Our research posits that these decisions are largely influenced by stories...
Designing a mobile game to teach conceptual knowledge of avoiding ‘phishing attacks’
Phishing is a form of online identity theft, which attempts to appropriate confidential and sensitive information such as usernames and passwords from its victims. To facilitate cyberspace as a secure environment, phishing education needs to be made accessible to home...
Training users to counteract phishing
Phishing is an increasingly more prevalent form of online, social engineered scams that escalate costs and risks to society year to year. This study demonstrates an association between anti-phishing training techniques used in previous research and individual...
Children’s cyber-safety and protection in Australia: An analysis of community stakeholder views
Protecting children from the risks posed by negative influences in the online environment (that is, cyber-safety) is a growing concern within the Australian community. In this study, the views of 151 individuals and community stakeholder organizations, which represent...
Information security policies: A content analysis
Among information security controls, the literature gives a central role to information security policies. However, there is a reduced number of empirical studies about the features and components of information security policies. This research aims to contribute to...
Featured talk: Measuring secure behavior: A research commentary
This paper suggests future research to delve into the motivations of individuals who breach organizational security, aiming to understand the connection between security intentions and behavior.
Future directions for behavioral information security research
Information Security (InfoSec) research is far reaching and includes many approaches to deal with protecting and mitigating threats to the information assets and technical resources available within computer based systems. Although a predominant weakness in properly...
Probing the front lines: Pollworker perceptions of security & privacy
Voting technologies have undergone intense scrutiny in recent years. In contrast, the human components of these socio-technical systems, including the policies and procedures that guide and bind behavior have received less attention. To begin to understand pollworker...
Simply blaming non-compliance is too convenient: What really causes information breaches?
Organizations typically respond to information breaches by implementing policies to regulate and control employee actions, particularly around the usage of information technology. However, there's limited evidence indicating these policies effectively curb information...
Fear of cyber-identity theft and related fraudulent activity
Identity theft and related fraudulent activities affect approximately one in twenty-five adults each year across western societies. The Internet provides a new avenue for obtaining identity tokens and identifying information and increases the scale on which identity...
Motivating IS security compliance: Insights from Habit and Protection Motivation Theory
This paper focuses on the issue of employees' non-compliance with Information System (IS) security procedures, a major concern for organizations. Previous studies have not considered the impact of past and automatic behavior on employees' compliance decisions, despite...
Security education against phishing: A modest proposal for a major rethink
User education must focus on challenging and correcting the misconceptions that guide current user behavior. To date, user education on phishing has tried to persuade them to check URLs and a number of other indicators, with limited success. The authors evaluate a...
European online grooming project: Final report
A report on the findings of an ambitious project aiming to understand the behaviours involved in online grooming across Europe. The report concludes groomers' behaviours vary wildly and that, by facilitating anonymity, technology helps groomers justify their actions....
Leveraging behavioral science to mitigate cyber security risk
A thorough paper reporting the findings of Shari Pfleeger and Deanna Caputo's research into blending behavioural science and cyber security. Following an introduction to the relationship between human behaviour and cyber security, the paper discusses proven and...