Who falls for phish? A demographic analysis of phishing susceptibility and effectiveness of interventions
In this paper we present the results of a roleplay survey instrument administered to 1001 online survey respondents to study both the relationship between demographics and phishing susceptibility and the effectiveness of several anti-phishing educational materials....
Why do employees violate IS security policies?
Employee violations of IS security policies are recognized as a key concern for organizations. Although interest in IS security has risen in recent years, little empirical research has examined this problem. To address this research gap, this dissertation identifies...
Why science tells us not to rely on eyewitness accounts
This article reports human memories as reconstructed fragments of information, as opposed to recorded feedback. According to the article false memories are easily recalled, jeopardising eyewitness reports. Eyewitness reports should therefore perhaps be used with...
Scare tactics – A viable weapon in the security war?
End users are frequently criticised as the sources of bad security practice, and it is suggested they might take the issue more seriously if they experienced a breach. An option for enabling this would be for security administrators to deliberately create conditions...
Am I really at Risk? Determinants of online users’ intentions to use strong passwords
By using the protection motivation theory, this article tests a model of password protection intentions for online users. Hypotheses are proposed concerning the intention to engage in good password practices. Data were collected from 182 college students of 3...
PhishDuck: Capturing user intention in an email client to combat phishing
We present the design and evaluation of PhishDuck, an anti-phishing tool for email clients. PhishDuck presents an interface to users if they click on suspicious emails, and helps guide them towards making safe decisions. We present two different interfaces, a warning...
Mood and audience effects on video lottery terminal gambling
This study looks into how mood and audience influence gambling behaviours. Although mood seems to have no effect on gambling behavior, participants with a negative mood prior to gambling report more positive moods after gambling. Those with positive and neutral moods...
Effects on employees’ information security abilities by e-learning
The purpose of this paper is to measure and discuss the effects of an e-learning tool aiming at improving the information security knowledge, awareness, and behaviour of employees. Design/methodology/approach – The intervention study has a pre- and post-assessment of...
Human factors in information security: The insider threat–Who can you trust these days?
The paper describes a practitioner’s view of the issue and the approaches used by BT to assess and address insider threats and risks. Proactive measures need to be taken to mitigate against insider attacks rather than reactive measures after the event. A key priority...
Self-efficacy in information security: Its influence on end users’ information security practice behavior
The ultimate success of information security depends on appropriate information security practice behaviors by the end users. Based on social cognitive theory, this study models and tests relationships among self-efficacy in information security, security practice...
Risk taking, antisocial behavior, and life histories
This paper explores the ultimate causes of risk-taking and anti-social behavior. In particular, it explores the notion of such behaviors as evolutionary. It suggests a research program informed by life history analysis may reveal the ultimate causes of risk-taking and...
Impact of perceived technical protection on security behaviors
The purpose of this paper, based on compensation theory, is to incorporate perceived technical security protection into the theory of planned behavior and examine factors affecting end‐user security behaviors, specifically, compliance with security policies. The...
Determinants of online privacy concern and its influence on privacy protection behaviors among young adolescents
With Rogers' protection motivation theory as the theoretical framework, this study identified determinants of young adolescents' level of privacy concerns, which, in turn, affects their resultant coping behaviors to protect privacy. Survey data from 144 middle school...
A profitless endeavor: Phishing as tragedy of the commons
Conventional wisdom is that phishing represents easy money. In this paper we examine the economics that underlie the phenomenon, and find a very different picture. Phishing is a classic example of tragedy of the commons, where there is open access to a resource that...
Teaching Johnny not to fall for phish
Research focusing on educating users about phishing and identifying phishing emails, as opposed to using technology for prevention and detection. The research identified multiple problems, namely: that people were not motivated to learn about security; that security...
Encouraging information security behaviors in organizations: Role of penalties, pressures and perceived effectiveness
This paper develops and tests a theoretical model of the incentive effects of penalties, pressures and perceived effectiveness of employee actions.
On the failure to eliminate hypotheses in a conceptual task
This study examines the extent to which individuals seek confirming – or disconfirming – evidence, instead of actually testing a hypothesis. Results indicated that, often, individuals are unwilling (or unable) to test their hypotheses.
Understanding scam victims: Seven principles for systems security
The success of many attacks on computer systems can be traced back to the security engineers not understanding the psychology of the system users they meant to protect. We examine a variety of scams and “short cons” that were investigated, documented and recreated for...
Revealing hidden context: Improving mental models of personal firewall users
The Windows Vista personal firewall provides users with a simple interface, obscuring many operational details. However, this concealment of the network context's impact on the firewall's security state may lead users to form an inaccurate mental model of the...
Understanding user behavior towards passwords through acceptance and use modelling
The security of computer systems that store our data is a major issue facing the world. This research project investigated the roles of ease of use, facilitating conditions, intention to use passwords securely, experience and age on usage of passwords, using a model...
Playing safe: A prototype game for raising awareness of social engineering
Social engineering is now a major threat to users and systems in the online context, and it is therefore vital to educate potential victims in order to reduce their susceptibility to the related attacks. However, as with other aspects of security education, this...