Rewind
All the content from last year’s PeepSec, Impact and flagship industry events
The current state of phishing attacks
This article discusses phishing attacks. It introduces the anatomy of a phishing attack, considers why people fall for them and estimates the damage they cause. The article also discusses common techniques for preventing phishing.
Blaming noncompliance is too convenient: What really causes information breaches?
Information breaches demand a vigorous response from organizations. The traditional response is to institute policies to constrain and control employee behavior. Information security policies inform employees about appropriate uses of information technology in an...
It’s not all about me: Motivating hand hygiene among health care professionals by focusing on patients
In this study, health care professionals washed their hands to a significantly greater degree when they were reminded of the implications for patients as opposed to the implications for themselves. The study suggests personal wellbeing is not always the greatest...
Phishing for phishing awareness
Using various social-engineering techniques, criminals wreak havoc on the Internet and defraud many people in a number of different ways. This puts various organisational communities at risk. Therefore, it is important that people within such communities should learn...
Analyzing facebook privacy settings: User expectations vs. reality
The sharing of personal data has emerged as a popular activity over online social networking sites like Facebook. As a result, the issue of online social network privacy has received significant attention in both the research literature and the mainstream media. Our...
Johnny in internet café: User study and exploration of password autocomplete in web browsers
One of the most popular aids adopted by users to reduce the burden of passwords is the browsers' autocomplete feature. This feature, which caches the username and password after obtaining the user's consent and uses them later for automatic completion, is...
Social networking websites and posting personal information: An evaluation of protection motivation theory
The popularity of social networking websites among Internet users continues to grow, even though social networking remains a risk for users who do not participate with caution. Using protection motivation theory (PMT) as a theoretical lens to provide a research model,...
Guidelines for usable cybersecurity: Past and present
Usability is arguably one of the most significant social topics and issues within the field of cybersecurity today. Supported by the need for confidentiality, integrity, availability and other concerns, security features have become standard components of the digital...
Influencing mental models of security: a research agenda
This paper discusses the challenges faced by home computer users in the United States, most of whom have little computer security knowledge or training. Despite this, they regularly make security-related decisions, often unknowingly, guided by their "mental models" of...
Trustworthy and effective communication of cybersecurity risks: A review
Slowly but surely, academia and industry are fully accepting the importance of the human element as it pertains to achieving security and trust. Undoubtedly, one of the main motivations for this is the increase in attacks (e.g., social engineering and phishing) which...
Modeling behavioral considerations related to information security
The authors present experimental and simulation results of an outcome-based learning model for the identification of threats to security systems. This model integrates judgment, decision-making, and learning theories to provide a unified framework for the behavioral...
Personal internet use at work: Understanding cyberslacking
This study addresses cyberslacking, defined as the use of internet and mobile technology for personal purposes during work hours. It's a growing concern for organizations due to potential lost revenue. The study, using a nationally representative sample of American...
Toward a new meta-theory for designing information systems (IS) security training approaches
Employees’ non-compliance with IS security procedures is a key concern for organizations. To tackle this problem, there exist several training approaches aimed at changing employees’ behavior. However, the extant literature does not examine the elementary...
Design of cyber security awareness game utilizing a social media framework
Social networking sites are a popular medium of interaction and communication. Social networking sites provide the ability to run applications and games to test users' knowledge. The popularity of social networks makes it an ideal tool through which awareness can be...
Of passwords and people: Measuring the effect of password-composition policies
This report presents the findings of a study which investigated the resulting password strength, and the behaviour and sentiment, of users subjected to four different password-composition policies.
Bystander intervention in emergencies: Diffusion of responsibility
The research in this paper provides evidence for the “bystander effect”, an effect in which bystanders fail to help individuals due to the presence of other bystanders. The concept is born from various psychological factors, including diffusion of responsibility and...
A brick wall, a locked door, and a bandit: A physical security metaphor for firewall warnings
In this study, we employed an iterative process to design firewall warnings. We developed a visualized interface for a personal firewall, drawing from a physical security metaphor. We carried out a study to assess how comprehensible our proposed warnings are to users,...
Information security policies in the UK healthcare sector: a critical evaluation
All organisations must take active steps to maintain the security and integrity of their information resources, and nowhere is this strategy more critical than in hospitals where issues of information accuracy and patient confidentiality are paramount. Of all the...
Does deterrence work in reducing information security policy abuse by employees?
Hacking into corporate IT systems and individuals' computers is no longer a sport for bragging rights, but a major organized economic activity aiming for significant profits controlled largely by underground networks of criminals and organized crime on a global scale....
Why do people get phished? Testing individual differences in phishing vulnerability within an integrated, information processing model
This research presents a comprehensive model to understand phishing susceptibility, building on previous studies on information processing and interpersonal deception. The model, validated using a group targeted by a real phishing attempt, explains nearly 50% of the...
Self-reported password sharing strategies
This paper contributes to the growing body of literature on privacy and security by looking at self-reported password sharing practices. 62 men and 60 women recruited through a combination of snowball sampling and small ads answered a series of open-ended questions...