Rewind
All the content from last year’s PeepSec, Impact and flagship industry events
Am I really at risk? Determinants of online users’ intentions to use strong passwords
By using the protection motivation theory, this article tests a model of password protection intentions for online users. Hypotheses are proposed concerning the intention to engage in good password practices. Data were collected from 182 college students of 3...
PhishDuck: Capturing user intention in an email client to combat phishing
We present the design and evaluation of PhishDuck, an anti-phishing tool for email clients. PhishDuck presents an interface to users if they click on suspicious emails, and helps guide them towards making safe decisions. We present two different interfaces, a warning...
Mood and audience effects on video lottery terminal gambling
This study looks into how mood and audience influence gambling behaviour. Although mood seems to have no effect on gambling behaviour, participants with a negative mood prior to gambling report more positive moods after gambling. Those with positive and neutral moods...
Effects on employees’ information security abilities by e-learning
The purpose of this paper is to measure and discuss the effects of an e-learning tool aiming at improving the information security knowledge, awareness, and behaviour of employees. Design/methodology/approach – The intervention study has a pre- and post-assessment of...
Human factors in information security: The insider threat–Who can you trust these days?
The paper describes a practitioner’s view of the issue and the approaches used by BT to assess and address insider threats and risks. Proactive measures need to be taken to mitigate insider attacks, rather than reactive measures after the event. A key priority...
Self-efficacy in information security: Its influence on end users’ information security practice behavior
The ultimate success of information security depends on appropriate information security practice behaviors by the end users. Based on social cognitive theory, this study models and tests relationships among self-efficacy in information security, security practice...
Risk taking, antisocial behavior, and life histories
This paper explores the ultimate causes of risk-taking and anti-social behavior. In particular, it explores the notion of such behaviors as evolutionary. It suggests a research program informed by life history analysis may reveal the ultimate causes of risk-taking and...
Impact of perceived technical protection on security behaviors
The purpose of this paper, based on compensation theory, is to incorporate perceived technical security protection into the theory of planned behavior and to examine the factors affecting end-user security behaviors, specifically compliance with security policies. The...
Determinants of online privacy concern and its influence on privacy protection behaviors among young adolescents
With Rogers' protection motivation theory as the theoretical framework, this study identified determinants of young adolescents' level of privacy concerns, which, in turn, affects their resultant coping behaviors to protect privacy. Survey data from 144 middle school...
A profitless endeavor: Phishing as tragedy of the commons
Conventional wisdom is that phishing represents easy money. In this paper we examine the economics that underlie the phenomenon, and find a very different picture. Phishing is a classic example of tragedy of the commons, where there is open access to a resource that...
Teaching Johnny not to fall for phish
This research focuses on educating users about phishing and on identifying phishing emails, as opposed to using technology for prevention and detection. The research identified multiple problems, namely: that people were not motivated to learn about security; that security...
Encouraging information security behaviors in organizations: Role of penalties, pressures and perceived effectiveness
This paper develops and tests a theoretical model of the incentive effects of penalties, pressures and perceived effectiveness of employee actions.
On the failure to eliminate hypotheses in a conceptual task
This study examines the extent to which individuals seek confirming, rather than disconfirming, evidence instead of genuinely testing a hypothesis. Results indicated that individuals are often unwilling (or unable) to test their hypotheses.
Understanding scam victims: Seven principles for systems security
The success of many attacks on computer systems can be traced back to the security engineers not understanding the psychology of the system users they meant to protect. We examine a variety of scams and “short cons” that were investigated, documented and recreated for...
Revealing hidden context: Improving mental models of personal firewall users
The Windows Vista personal firewall provides users with a simple interface, obscuring many operational details. However, this concealment of the network context's impact on the firewall's security state may lead users to form an inaccurate mental model of the...
Understanding user behavior towards passwords through acceptance and use modelling
The security of computer systems that store our data is a major issue facing the world. This research project investigated the roles of ease of use, facilitating conditions, intention to use passwords securely, experience and age on usage of passwords, using a model...
Playing safe: A prototype game for raising awareness of social engineering
Social engineering is now a major threat to users and systems in the online context, and it is therefore vital to educate potential victims in order to reduce their susceptibility to the related attacks. However, as with other aspects of security education, this...
A study of employees’ attitudes towards organisational information security policies in the UK and Oman
There is a need to understand what makes information security successful in an organization. What are the threats that the organization must deal with and what are the criteria of a beneficial information security policy? Policies are in place, but why employees are...
The effectiveness of deceptive tactics in phishing
Phishing, or the attempt of criminals to obtain sensitive information through a variety of techniques, is still a serious problem for IT managers and Internet consumers. With over 57 million Americans exposed to phishing in 2005, a reported 5% of recipients were...
Exploring the relationship between organizational culture and information security culture
Managing Information Security is becoming more challenging in today’s business because people are both a cause of information security incidents as well as a key part of the protection from them. As the impact of organizational culture (OC) on employees is...
Two case studies in using chatbots for security training
This paper discusses the result of two case studies performed in a large international company to test the use of chatbots for internal security training. The first study targeted 26 end users in the company while the second study examined 80 security specialists....