Rewind
All the content from last year’s PeepSec, Impact and flagship industry events
Understanding security behaviors in personal computer usage : A threat avoidance perspective
This study aims to understand the IT threat avoidance behaviors of personal computer users. We tested a research model derived from Technology Threat Avoidance Theory (TTAT) using survey data. We find that users’ IT threat avoidance behavior is predicted by avoidance...
Understanding and transforming organizational security culture
The paper is based on the findings and conclusions of research, observations and projects carried out in large organizations over the last two decades. It highlights failings and critical success factors in contemporary approaches to transform organizational culture....
Assessing the impact of security culture and the employee-organization relationship on IS security compliance
IS security advocates recommend strategies that shape user behavior as part of an overall information security management program. A major challenge for organizations is encouraging employees to comply with IS security policies. This paper examines the influence of...
Fear appeals and information security behavior: An empircal study
Information technology executives strive to align the actions of end users with the desired security posture of management and of the firm through persuasive communication. In many cases, some element of fear is incorporated within these communications. However,...
Jumping security hurdles
It is widely recognised that success in tackling security issues often depends upon acknowledgement and action by individuals. To quote Amit Yoran, erstwhile director of the National Cyber Security Division within the US Department of Homeland Security: “The human...
Influence of awareness and training on cyber security
This article presents the results of a study to determine the impact of a cyber threat education and awareness intervention on changes in user security behavior. Subjects were randomly assigned to one of two introductory lectures about cyber threats due to poor...
Perception of information security
The objective of this study was to investigate people’s perception of information security and to unveil the factors that influence people’s perception of different threats to information security. In the survey study, 602 respondents were asked to evaluate one of 21...
Does the technology acceptance model predict actual use? A systematic literature review
This review examines the evidence that the technology acceptance model predicts actual technology usage using both subjective and objective measures of actual usage.
The psychology of password management: A tradeoff between security and convenience
Despite technological advances, humans remain the weakest link in internet security. In this paper, we examined user motivation behind five password management behaviors, e.g. selecting a password for the first time. We found that despite the fact that users know...
Using reinforcement to strengthen users’ secure behaviors
This paper discusses the prevalent issue of users often dismissing security dialogs without much thought. Previous research has demonstrated that user responses to security dialogs become significantly more thoughtful when the dialogs are polymorphic, and further...
Optimistic bias about online privacy risks: Testing the moderating effects of perceived controllability and prior experience
This study examined the ways in which Internet users construct their risk judgments about online privacy. The results, based on telephone survey data from a national probability sample in Singapore (n = 910), revealed that (a) individuals distinguish between two...
MINDSPACE: Influencing behaviour through public policy
In an effort to aid policy makers seeking to change behaviour, a team of researchers summarise nine non-coercive influencers of human behaviour: the messanger (who a message comes from); incentives (such as loss avoidance); norms (what other people already do);...
The effect of online privacy information on purchasing behavior: An experimental study
Although online retailers detail their privacy practices in online privacy policies, this information often remains invisible to consumers, who seldom make the effort to read and understand those policies. This paper reports on research undertaken to determine whether...
Spyware: What influences college students to use anti-spyware tools?
This study aims to understand the factors that influence college students to use anti-spyware tools, with the goal of informing future students about the spyware epidemic and ways to combat it. The research involved structured interviews and a survey, revealing...
Switch: How to change things when change is hard
According to this book's authors, we need only understand how our minds work to unlock shortcuts that can lead to long term behavour change. This book explores how our minds work and some shortcuts that might be of use when seeking to change human behaviour.
An analysis of information security awareness within home and work environments
As technology such as the Internet, computers and mobile devices become ubiquitous throughout society, the need to ensure our information remains secure is imperative. Unfortunately, it has long been understood that good security cannot be achieved through technical...
Analyzing the adoption of computer security utilizing the health belief model
The home Internet user faces a hostile environment abundant in potential attacks on their computers. These attacks have been increasing at an alarming rate and cause damage to individuals and organizations regularly, and have the potential to cripple the critical...
Compliance with information security policies: An empirical investigation
This paper primarily focuses on information security, specifically examining compliance with information security policies. The author questions the seemingly insignificant relationship between rewards and actual compliance with these policies, suggesting that this...
Impact of negative message framing on security adoption
This article examines the impact of negative message framing on security technology adoption. Based on previous studies, it was hypothesized that negatively-framed messages would have a greater effect on the adoption of security technologies which detect system abuse...
Quality and fairness of an information security policy as antecedents of employees’ security engagement in the workplace: An empirical investigation
This paper investigates the impact of the characteristics of information security policy (ISP) on an employee’s security compliance in the workplace. Two factors were proposed as the antecedents of employees’ security compliance: ISP Fairness and ISP Quality. ISP...
Product-related deceptive information practices in B2C e-commerce: Formation, outcomes, and detection
Two online experiments examine the effects of different e-commerce deception tactics on decision-making. The study finds consumers’ product choices are influenced by manipulation of product details and the order in which products are displayed, and concludes consumers...