Simply blaming non-compliance is too convenient: What really causes information breaches?
Organizations typically respond to information breaches by implementing policies to regulate and control employee actions, particularly around the usage of information technology. However, there's limited evidence indicating these policies effectively curb information...
Fear of cyber-identity theft and related fraudulent activity
Identity theft and related fraudulent activities affect approximately one in twenty-five adults each year across western societies. The Internet provides a new avenue for obtaining identity tokens and identifying information and increases the scale on which identity...
Motivating IS security compliance: Insights from Habit and Protection Motivation Theory
This paper focuses on the issue of employees' non-compliance with Information System (IS) security procedures, a major concern for organizations. Previous studies have not considered the impact of past and automatic behavior on employees' compliance decisions, despite...
Security education against Phishing: A modest proposal for a Major Rethink
User education must focus on challenging and correcting the misconceptions that guide current user behavior. To date, user education on phishing has tried to persuade them to check URLs and a number of other indicators, with limited success. The authors evaluate a...
European online grooming project: Final report
A report on the findings of an ambitious project aiming to understand the behaviours involved in online grooming across Europe. The report concludes groomers' behaviours vary wildly and that, by facilitating anonymity, technology helps groomers justify their actions....
Leveraging behavioral science to mitigate cyber security risk
A thorough paper reporting the findings of Shari Pfleeger and Deanna Caputo's research into blending behavioural science and cyber security. Following an introduction to the relationship between human behaviour and cyber security, the paper discusses proven and...
Why do some people manage phishing e-mails better than others?
The purpose of this paper is to investigate the behaviour response of computer users when either phishing e‐mails or genuine e‐mails arrive in their inbox. The paper describes how this research was conducted and presents and discusses the findings. This study was a...
Password security: What factors influence good password practices
This study will explore variances in password strength across demographics such as age, gender, ethnicity, and education level; organizational password rules; and security training. It also determines the degree to which the individual perception of security threats...
The influence of organizational culture on employee attitudes towards information security policy
This study examined contributing factors in the relationship between organizational culture and employee attitudes towards information security policy. Guiding the investigation was the question: To what extent, if any, is there a relationship between an...
The information security behavior of home users: Exploring a user’s risk tolerance and past experiences in the context of backing up information
Research examining the information security behavior of individuals with respect to risk has focused primarily on only a handful of constructs, most of which have their roots in Protection Motivation Theory (PMT). However, there is still a lot we do not know about the...
Evolution, stress, and sensitive periods: The influence of unpredictability in early versus late childhood on sex and risky behavior.
Researchers tested how harshness and unpredictability experienced in early childhood (age 0-5) and in later childhood (age 6-16) predicted sexual and risky behavior at age 23. Findings showed the strongest predictor of both sexual and risky behavior was an...
Toward a better understanding of behavioral intention and system usage constructs
To understand user behavior, researchers have examined intention to use, and system usage through some common conceptualizations such as actual usage, reported usage, and assessed usage. Although this entire body of research has produced important findings, it has yet...
Insights into user behavior in dealing with internet attacks
The Internet is a lucrative medium for criminals targeting Internet users. Most common Internet attacks require some form of user interaction such as clicking on an exploit link. Hence, the problem at hand is not only a technical one, but it also has a strong human...
Understanding information systems security policy compliance: An integration of the theory of planned behavior and the protection motivation theory
This research investigated information systems security policy (ISSP) compliance by drawing upon two relevant theories, i.e., the theory of planned behavior (TPB) and the protection motivation theory (PMT). A research model that fused constituents of the aforementioned...
Cyber security games: A new line of risk
Behaviour change is difficult to achieve and there are many models identifying the factors to affect such change but few have been applied in the security domain. This paper discusses the use of serious games to improve the security behaviour of end-users. A new...
Implementing mental models
Users’ mental models of security, though possibly incorrect, embody patterns of reasoning about security that lead to systematic behaviors across tasks and may be shared across populations of users. Researchers have identified widely held mental models of security,...
Perceived deception in advertising: Proposition of a measurement scale
Following a literature review, the paper's authors built a measure of perceived deception in advertising. The measure was fuelled by perceived veracity and perceived ethic, and may allow marketing practitioners to evaluate the perceived deception of marketing...
How users bypass access control – and why: The impact of authorization problems on individuals and the organization
Many organizations struggle with ineffective and/or inefficient access control, but these problems and their consequences often remain invisible to security decision-makers. Prior research has focused on improving the policy-authoring part of authorization and does...
A composite framework for behavioral compliance with information security policies
To combat potential security threats, organizations rely upon information security policies to guide employee actions. Unfortunately, employee violations of such policies are common and costly enough that users are often considered the weakest link in information...
The power of habit: Why we do what we do in life and business
In this book, Charles Duhigg draws on psychological and neurological research to introduce the concept of habit loops. According to the book, habits are formed when a cue that leads to a behaviour leads to a reward. Changing habits requires amending habit loops....
Don’t work. Can’t work? Why it’s time to rethink security warnings
In this study, 120 participants were asked to test an (arbitrary) online tool. During testing, participants encountered a PDF download warning. All participants noticed the warning, but 81.7% downloaded the PDF file that triggered it regardless. The authors attribute...