Rewind
All the content from last year’s PeepSec, Impact and flagship industry events
MINDSPACE: Influencing behaviour through public policy
In an effort to aid policy makers seeking to change behaviour, a team of researchers summarise nine non-coercive influencers of human behaviour: the messanger (who a message comes from); incentives (such as loss avoidance); norms (what other people already do);...
The effect of online privacy information on purchasing behavior: An experimental study
Although online retailers detail their privacy practices in online privacy policies, this information often remains invisible to consumers, who seldom make the effort to read and understand those policies. This paper reports on research undertaken to determine whether...
Spyware: What influences college students to use anti-spyware tools?
This study aims to understand the factors that influence college students to use anti-spyware tools, with the goal of informing future students about the spyware epidemic and ways to combat it. The research involved structured interviews and a survey, revealing...
Switch: How to change things when change is hard
According to this book's authors, we need only understand how our minds work to unlock shortcuts that can lead to long term behavour change. This book explores how our minds work and some shortcuts that might be of use when seeking to change human behaviour.
An analysis of information security awareness within home and work environments
As technology such as the Internet, computers and mobile devices become ubiquitous throughout society, the need to ensure our information remains secure is imperative. Unfortunately, it has long been understood that good security cannot be achieved through technical...
Analyzing the adoption of computer security utilizing the health belief model
The home Internet user faces a hostile environment abundant in potential attacks on their computers. These attacks have been increasing at an alarming rate and cause damage to individuals and organizations regularly, and have the potential to cripple the critical...
Compliance with information security policies: An empirical investigation
This paper primarily focuses on information security, specifically examining compliance with information security policies. The author questions the seemingly insignificant relationship between rewards and actual compliance with these policies, suggesting that this...
Impact of negative message framing on security adoption
This article examines the impact of negative message framing on security technology adoption. Based on previous studies, it was hypothesized that negatively-framed messages would have a greater effect on the adoption of security technologies which detect system abuse...
Quality and fairness of an information security policy as antecedents of employees’ security engagement in the workplace: An empirical investigation
This paper investigates the impact of the characteristics of information security policy (ISP) on an employee’s security compliance in the workplace. Two factors were proposed as the antecedents of employees’ security compliance: ISP Fairness and ISP Quality. ISP...
Product-related deceptive information practices in B2C e-commerce: Formation, outcomes, and detection
Two online experiments examine the effects of different e-commerce deception tactics on decision-making. The study finds consumers’ product choices are influenced by manipulation of product details and the order in which products are displayed, and concludes consumers...
Online security threats and computer user intentions
This paper discusses the paradox where computer users, despite being aware of spyware, often do not take measures to protect against it. A recent study delves into the reasons behind this indifference, suggesting that enhancing users' confidence in installing and...
Indirect warnings and instructions produce behavioral compliance
In this study, participants performed a computer memory task while compliance to three safety measures was monitored. Compling with indirect warnings – that is, warnings triggered by entities other than researchers – was not significantly different to compliance with...
Examining end-user perceptions of information risks: An application of the Repertory Grid Technique
This paper proposes a research method that investigates the risk perceptions of computer endusers relating to organisational Information Security (InfoSec) and the situational factors that influence these perceptions. This method uses the Repertory Grid Technique...
Human factors and information security: Individual, culture and security environment
The application of information security technologies do not always result in improved security. Human factors play a significant role in computer security; factors such as individual difference, cognitive abilities and personality traits can impact on behaviour....
Comparative analysis of social engineering attack based on SMS and phone
Nowadays, information becomes a very valuable thing that is owned by every individual, organization or company. Various efforts are made to maintain the security of information owned. There are still many people who pay less attention to the danger or threat to the...
Who falls for phish? A demographic analysis of phishing susceptibility and effectiveness of interventions
In this paper we present the results of a roleplay survey instrument administered to 1001 online survey respondents to study both the relationship between demographics and phishing susceptibility and the effectiveness of several anti- phishing educational materials....
Why do employees violate is security policies?
Employee violations of IS security policies is recognized as a key concern for organizations. Although interest in IS security has risen in recent years, little empirical research has examined this problem. To address this research gap, this dissertation identifies...
Why science tells us not to rely on eyewitness accounts
This article reports human memories as reconstructed fragments of information, as opposed to recorded feedback. According to the article false memories are easily recalled, jeopardising eyewitness reports. Eyewitness reports should therefore perhaps be used with...
Scare tactics – A viable weapon in the security war?
End users are frequently criticised as the sources of bad security practice, and it is suggested they might take the issue more seriously if they experienced a breach. An option for enabling this would be for security administrators to deliberately create conditions...
Am I really at Risk? Determinants of online users’ intentions to use strong passwords
By using the protection motivation theory, this article tests a model of password protection intentions for online users. Hypotheses are proposed concerning the intention to engage in good password practices. Data were collected from 182 college students of 3...
PhishDuck: Capturing user intention in an email client to combat phishing
We present the design and evaluation of PhishDuck, an anti-phishing tool for email clients. Phishduck presents a interfaces to users if they click on suspicious emails, and helps guide them towards making safe decisions. We present two different interfaces, a warning...