Cyber security for home users: A new way of protection through awareness enforcement
We are currently living in an age where the use of the Internet has become second nature to millions of people. Not only businesses depend on the Internet for all types of electronic transactions, but more and more home users are also experiencing the immense benefit...
Policies and procedures to manage employee Internet abuse
Industry analysts estimate that billions of dollars in lost revenue were attributed to employee Internet abuse. Trends also suggest that lost job productivity and corporate liability have emerged as new workplace concerns due to growth of new online technologies and...
It’s too complicated, so I turned it off!: Expectations, perceptions, and misconceptions of personal firewalls
Even though personal firewalls are an important aspect of security for the users of personal computers, little attention has been given to their usability. We conducted semi-structured interviews with a diverse set of participants to gain an understanding of their...
Neutralization: New insights into the problem of employee information systems security policy violations
Employees' failure to comply with information systems security policies is a major concern for information technology security managers. In efforts to understand this problem, IS security researchers have traditionally viewed violations of IS security policies through...
Strangers on a plane: Context-dependent willingness to divulge sensitive information
New marketing paradigms that exploit the capabilities for data collection, aggregation, and dissemination introduced by the Internet provide benefits to consumers but also pose real or perceived privacy hazards. In four experiments, we seek to understand consumer...
Assessing insider threats to information security using technical, behavioural and organisational measures
The insider threat is undeniable. The first step in addressing this issue is to evaluate the potential for such threats. Merely technical solutions are not adequate as insider threats primarily stem from human factors. Hence, it is imperative to adopt a three-tiered...
Insiders’ protection of organizational information assets: A multidimensional scaling study of protection-motivated behaviors
Protecting information from a wide variety of security threats is an important and sometimes daunting organizational activity. Instead of relying solely on technological advancements to help solve human problems, managers within firms must recognize and understand the...
Information security policy compliance: An empirical study of rationality-based beliefs and information security awareness
Many organizations recognize that their employees, who are often considered the weakest link in information security, can also be great assets in the effort to reduce risk related to information security. Since employees who comply with the...
Encountering stronger password requirements
Despite the advent of sophisticated authentication systems, text-based passwords remain the most widely adopted method of securing information systems. Seizing a unique opportunity that arose following a substantial shift in Carnegie Mellon University's (CMU) password...
The challenges of understanding users’ security-related knowledge, behaviour, and motivations
In order to improve current security solutions or devise novel ones, it is important to understand users’ knowledge, behaviour, motivations and challenges in using a security solution. However, achieving this understanding is challenging because of the limitations of...
Understanding security behaviors in personal computer usage: A threat avoidance perspective
This study aims to understand the IT threat avoidance behaviors of personal computer users. We tested a research model derived from Technology Threat Avoidance Theory (TTAT) using survey data. We find that users’ IT threat avoidance behavior is predicted by avoidance...
Understanding and transforming organizational security culture
The paper is based on the findings and conclusions of research, observations and projects carried out in large organizations over the last two decades. It highlights failings and critical success factors in contemporary approaches to transform organizational culture....
Assessing the impact of security culture and the employee-organization relationship on IS security compliance
IS security advocates recommend strategies that shape user behavior as part of an overall information security management program. A major challenge for organizations is encouraging employees to comply with IS security policies. This paper examines the influence of...
Fear appeals and information security behavior: An empirical study
Information technology executives strive to align the actions of end users with the desired security posture of management and of the firm through persuasive communication. In many cases, some element of fear is incorporated within these communications. However,...
Jumping security hurdles
It is widely recognised that success in tackling security issues often depends upon acknowledgement and action by individuals. To quote Amit Yoran, erstwhile director of the National Cyber Security Division within the US Department of Homeland Security: “The human...
Influence of awareness and training on cyber security
This article presents the results of a study to determine the impact of a cyber threat education and awareness intervention on changes in user security behavior. Subjects were randomly assigned to one of two introductory lectures about cyber threats due to poor...
Perception of information security
The objective of this study was to investigate people’s perception of information security and to unveil the factors that influence people’s perception of different threats to information security. In the survey study, 602 respondents were asked to evaluate one of 21...
Does the technology acceptance model predict actual use? A systematic literature review
This review examines the evidence that the technology acceptance model predicts actual technology usage using both subjective and objective measures of actual usage.
The psychology of password management: A tradeoff between security and convenience
Despite technological advances, humans remain the weakest link in internet security. In this paper, we examined user motivation behind five password management behaviors, e.g. selecting a password for the first time. We found that despite the fact that users know...
Using reinforcement to strengthen users’ secure behaviors
This paper discusses the prevalent issue of users often dismissing security dialogs without much thought. Previous research has demonstrated that user responses to security dialogs become significantly more thoughtful when the dialogs are polymorphic, and further...
Optimistic bias about online privacy risks: Testing the moderating effects of perceived controllability and prior experience
This study examined the ways in which Internet users construct their risk judgments about online privacy. The results, based on telephone survey data from a national probability sample in Singapore (n = 910), revealed that (a) individuals distinguish between two...