Rewind
All the content from last year’s PeepSec, Impact and flagship industry events
Fear appeals and information security behavior: An empircal study
Information technology executives strive to align the actions of end users with the desired security posture of management and of the firm through persuasive communication. In many cases, some element of fear is incorporated within these communications. However,...
Jumping security hurdles
It is widely recognised that success in tackling security issues often depends upon acknowledgement and action by individuals. To quote Amit Yoran, erstwhile director of the National Cyber Security Division within the US Department of Homeland Security: “The human...
Influence of awareness and training on cyber security
This article presents the results of a study to determine the impact of a cyber threat education and awareness intervention on changes in user security behavior. Subjects were randomly assigned to one of two introductory lectures about cyber threats due to poor...
Perception of information security
The objective of this study was to investigate people’s perception of information security and to unveil the factors that influence people’s perception of different threats to information security. In the survey study, 602 respondents were asked to evaluate one of 21...
Does the technology acceptance model predict actual use? A systematic literature review
This review examines the evidence that the technology acceptance model predicts actual technology usage using both subjective and objective measures of actual usage.
The psychology of password management: A tradeoff between security and convenience
Despite technological advances, humans remain the weakest link in internet security. In this paper, we examined user motivation behind five password management behaviors, e.g. selecting a password for the first time. We found that despite the fact that users know...
Using reinforcement to strengthen users’ secure behaviors
This paper discusses the prevalent issue of users often dismissing security dialogs without much thought. Previous research has demonstrated that user responses to security dialogs become significantly more thoughtful when the dialogs are polymorphic, and further...
Optimistic bias about online privacy risks: Testing the moderating effects of perceived controllability and prior experience
This study examined the ways in which Internet users construct their risk judgments about online privacy. The results, based on telephone survey data from a national probability sample in Singapore (n = 910), revealed that (a) individuals distinguish between two...
MINDSPACE: Influencing behaviour through public policy
In an effort to aid policy makers seeking to change behaviour, a team of researchers summarise nine non-coercive influencers of human behaviour: the messanger (who a message comes from); incentives (such as loss avoidance); norms (what other people already do);...
The effect of online privacy information on purchasing behavior: An experimental study
Although online retailers detail their privacy practices in online privacy policies, this information often remains invisible to consumers, who seldom make the effort to read and understand those policies. This paper reports on research undertaken to determine whether...
Spyware: What influences college students to use anti-spyware tools?
This study aims to understand the factors that influence college students to use anti-spyware tools, with the goal of informing future students about the spyware epidemic and ways to combat it. The research involved structured interviews and a survey, revealing...
Switch: How to change things when change is hard
According to this book's authors, we need only understand how our minds work to unlock shortcuts that can lead to long term behavour change. This book explores how our minds work and some shortcuts that might be of use when seeking to change human behaviour.
An analysis of information security awareness within home and work environments
As technology such as the Internet, computers and mobile devices become ubiquitous throughout society, the need to ensure our information remains secure is imperative. Unfortunately, it has long been understood that good security cannot be achieved through technical...
Analyzing the adoption of computer security utilizing the health belief model
The home Internet user faces a hostile environment abundant in potential attacks on their computers. These attacks have been increasing at an alarming rate and cause damage to individuals and organizations regularly, and have the potential to cripple the critical...
Compliance with information security policies: An empirical investigation
This paper primarily focuses on information security, specifically examining compliance with information security policies. The author questions the seemingly insignificant relationship between rewards and actual compliance with these policies, suggesting that this...
Impact of negative message framing on security adoption
This article examines the impact of negative message framing on security technology adoption. Based on previous studies, it was hypothesized that negatively-framed messages would have a greater effect on the adoption of security technologies which detect system abuse...
Quality and fairness of an information security policy as antecedents of employees’ security engagement in the workplace: An empirical investigation
This paper investigates the impact of the characteristics of information security policy (ISP) on an employee’s security compliance in the workplace. Two factors were proposed as the antecedents of employees’ security compliance: ISP Fairness and ISP Quality. ISP...
Product-related deceptive information practices in B2C e-commerce: Formation, outcomes, and detection
Two online experiments examine the effects of different e-commerce deception tactics on decision-making. The study finds consumers’ product choices are influenced by manipulation of product details and the order in which products are displayed, and concludes consumers...
Online security threats and computer user intentions
This paper discusses the paradox where computer users, despite being aware of spyware, often do not take measures to protect against it. A recent study delves into the reasons behind this indifference, suggesting that enhancing users' confidence in installing and...
Indirect warnings and instructions produce behavioral compliance
In this study, participants performed a computer memory task while compliance to three safety measures was monitored. Compling with indirect warnings – that is, warnings triggered by entities other than researchers – was not significantly different to compliance with...
Examining end-user perceptions of information risks: An application of the Repertory Grid Technique
This paper proposes a research method that investigates the risk perceptions of computer endusers relating to organisational Information Security (InfoSec) and the situational factors that influence these perceptions. This method uses the Repertory Grid Technique...