Why do some people manage phishing e-mails better than others?
The purpose of this paper is to investigate the behaviour response of computer users when either phishing e‐mails or genuine e‐mails arrive in their inbox. The paper describes how this research was conducted and presents and discusses the findings. This study was a...
Password security: What factors influence good password practices
This study will explore variances in password strength across demographics such as age, gender, ethnicity, and education level; organizational password rules; and security training. It also determines the degree to which the individual perception of security threats...
The influence of organizational culture on employee attitudes towards information security policy
This study examined contributing factors in the relationship between organizational culture and employee attitudes towards information security policy. Guiding the investigation was the question: To what extent, if any, is there a relationship between an...
The information security behavior of home users: Exploring a user’s risk tolerance and past experiences in the context of backing up information
Research examining the information security behavior of individuals with respect to risk has focused primarily on only a handful of constructs, most of which have their roots in Protection Motivation Theory (PMT). However, there is still a lot we do not know about the...
Evolution, stress, and sensitive periods: The influence of unpredictability in early versus late childhood on sex and risky behavior.
Researchers tested how harshness and unpredictability experienced in early childhood (age 0-5) and in later childhood (age 6-16) predicted sexual and risky behavior at age 23. Findings showed the strongest predictor of both sexual and risky behavior was an...
Toward a better understanding of behavioral intention and system usage constructs
To understand user behavior, researchers have examined intention to use, and system usage through some common conceptualizations such as actual usage, reported usage, and assessed usage. Although this entire body of research has produced important findings, it has yet...
Insights into user behavior in dealing with internet attacks
The Internet is a lucrative medium for criminals targeting Internet users. Most common Internet attacks require some form of user interaction such as clicking on an exploit link. Hence, the problem at hand is not only a technical one, but it also has a strong human...
Understanding information systems security policy compliance: An integration of the theory of planned behavior and the protection motivation theory
This research investigated information systems security policy (ISSP) compliance by drawing upon two relevant theories i.e. the theory of planned behavior (TPB) and the protection motivation theory (PMT). A research model that fused constituents of the aforementioned...
Cyber security games: A new line of risk
Behaviour change is difficult to achieve and there are many models identifying the factors to affect such change but few have been applied in the security domain. This paper discusses the use of serious games to improve the security behaviour of end-users. A new...
Implementing mental models
Users’ mental models of security, though possibly incorrect, embody patterns of reasoning about security that lead to systematic behaviors across tasks and may be shared across populations of users. Researchers have identified widely held mental models of security,...
Perceived deception in advertising: Proposition of a measurement scale
Following a literature review, the paper's authors built a measure of perceived deception in advertising. The measure was fuelled by perceived veracity and perceived ethic, and may allow marketing practitioners to evaluate the perceived deception of marketing...
How users bypass access control – and why: The impact of authorization problems on individuals and the organization
Many organizations struggle with ineffective and/or inefficient access control, but these problems and their consequences often remain invisible to security decision-makers. Prior research has focused on improving the policy-authoring part of authorization and does...
A composite framework for behavioral compliance with information security policies
To combat potential security threats, organizations rely upon information security policies to guide employee actions. Unfortunately, employee violations of such policies are common and costly enough that users are often considered the weakest link in information...
The power of habit: Why we do what we do in life and business
In this book, Charles Duhigg draws on psychological and neurological research to introduce the concept of habit loops. According to the book, habits are formed when a cue that leads to a behaviour leads to a reward. Changing habits requires amending habit loops....
Don’t work. Can’t work? Why it’s time to rethink security warnings
In this study, 120 participants were asked to test an (arbitrary) online tool. During testing, participants encountered a PDF download warning. All participants noticed the warning, but 81.7% downloaded the PDF file that triggered it regardless. The authors attribute...
Security policy compliance: User acceptance perspective
Information security policy compliance is one of the key concerns that face organizations today. Although technical and procedural security measures help improve information security, there is an increased need to accommodate human, social and organizational factors....
End user perception of online risk under uncertainty
In this paper we leverage a canonical nine dimensional model of offline risk perception to better understand online risk perceptions. Understanding risk perception facilitates the development of better risk communication and mitigation technologies. We conducted a...
The role of individual characteristics on insider abuse intentions
Insiders represent a major threat to the security of an organization’s information resources (Warkentin & Willison, 2009; Stanton et al., 2005). Previous research has explored the role of protection motivation or of deterrence in promoting compliant behavior, but...
The current state of phishing attacks
This article discusses phishing attacks. It introduces the anatomy of a phishing attack, considers why people fall for phishing attacks and estimates the damage of phishing attacks. The article also discusses common techniques for preventing phishing.
Blaming noncompliance is too convenient: What really causes information breaches?
Information breaches demand a vigorous response from organizations. The traditional response is to institute policies to constrain and control employee behavior. Information security policies inform employees about appropriate uses of information technology in an...
It’s not all about me: Motivating hand hygiene among health care professionals by focusing on patients
In this study, health care professionals washed their hands to a significantly greater degree when they were reminded of the implications for patients as opposed to the implications for themselves. The study suggests personal wellbeing is not always the greatest...