Rewind
All the content from last year’s PeepSec, Impact and flagship industry events
Passwords: If we’re so smart, why are we still using them?
While a lot has changed in Internet security in the last 10 years, a lot has stayed the same – such as the use of alphanumeric passwords. Passwords remain the dominant means of authentication on the Internet, even in the face of significant problems related to...
Studying users’ computer security behavior: A health belief perspective
The damage due to computer security incidents is motivating organizations to adopt protective mechanisms. While technological controls are necessary, computer security also depends on individual's security behavior. It is thus important to investigate what influences...
Avoidance of information technology threats: A theoretical perspective
This paper describes the development of the technology threat avoidance theory (TTAT), which explains individual IT users’ behavior of avoiding the threat of malicious information technologies. We articulate that avoidance and adoption are two qualitatively different...
Threat or coping appraisal: Determinants of SMB executives’ decision to adopt anti-malware software
This study presents an empirical investigation of factors affecting small- and medium-sized business (SMB) executives’ decision to adopt anti-malware software for their organizations. A research model was developed by adopting and expanding the protection motivation...
From culture to disobedience: Recognising the varying user acceptance of IT security
This article examines the levels of security acceptance that can exist amongst employees within an organisation, and how these levels relate to three recognised levels of corporate culture. It then proceeds to identify several factors that could be relevant to the...
Application of protection motivation theory to adoption of protective technologies
While most technology adoption models have focused on beneficial technologies, Protection Motivation Theory (PMT) is a potentially valuable model for predicting adoption of protective technologies, which help users avoid harm from a growing number of negative...
Self-disclosure, privacy and the internet
Authors discuss literature relating to self-disclosure on the internet, with a particular focus on disclosure via computer mediated communication and web-based forms. The authors posit further research questions.
Expert witness confidence and juror personality: Their impact on credibility and persuasion in the courtroom
This paper investigates relationships between several courtroom variables, including expert witness confidence, juror personality, expert witness credibilty and juror sentencing. It finds expert witness confidence to have a significant effect on ratings of...
Effects of individual and organization based beliefs and the moderating role of work experience on insiders’ good security behaviors
This research aims to identify the factors that drive an employee to comply with requirements of the Information Security Policy (ISP) with regard to protecting her organization’s information and technology resources. Two different research models are proposed for an...
An assessment of people’s vulnerabilities in relation to personal and sensitive data
It is becoming increasingly apparent that people are in fact the main weakness in regards to the protection of data. This paper explores in detail the areas in which personal details and sensitive data are socially engineered. The study investigated people's attitudes...
Fraud typologies and victims of fraud: Literature review
This comprehensive review seeks to report on fraud in a wide variety of forms, with a particular focus on mass marketing, identity and small business fraud. It finds fraud is often innovative, comes in a wide variety of forms and that fraudsters use a combination of...
So long, and no thanks for the externalities: The rational rejection of security advice by users
Principal Microsoft Researcher Cormac Herley argues users' rejection of security procedures is often entirely rational as the expected benefits of following security advice are often outweighed by the expected costs.
Nudging privacy: The behavioral economics of personal information
This article explores the application of theories and methodologies from behavioural economics and behavioural decision research to investigate privacy decision making.
School of Phish : A real-world evaluation of anti-phishing training categories and subject descriptors
PhishGuru is an embedded training system that teaches users to avoid falling for phishing attacks by delivering a training message when the user clicks on the URL in a simulated phishing email. In previous lab and real-world experiments, we validated the effectiveness...
Fear, uncertainty and doubt: The pillars of justification for cyber security
One can readily find computer and network security courses in most computer science departments, but we are likely overly ambitious calling computer security a science. The profession certainly has the aspects of an art, and it is fair to call much of the work...
An exploration of the design features of phishing attacks
Phishing is a growing phenomenon, which has not only caused billions in losses, but also has eroded consumer confidence in online transactions. To develop effective countermeasures, we need to understand how phishing e-mails exploit human vulnerabilities. We develop a...
Behavioral and policy issues in information systems security: The insider threat
This paper emphasizes the growing global interconnectivity and reliance on information systems (IS) in multiple sectors such as business and government. As institutions become more globally linked and dependent on automated control systems, the vulnerability of these...
Consumer motivations in taking action against spyware: An empirical investigation
The purpose of this paper is to develop a research framework and empirically analyze the factors that motivate the consumers to adopt and use anti-spyware tools when they are faced with security threats.
Locking the door but leaving the computer vulnerable: Factors inhibiting home users’ adoption of software firewalls
In the new era of a ubiquitously networked world, security measures are only as good as their weakest link. Home computers with access to the Internet are one of the weaker links as they are typically not as well protected as computers in the corporate world....
A test of interventions for security threats from social engineering
Recently, the role of human behavior has become a focal point in the study of information security countermeasures. However, few empirical studies have been conducted to test social engineering theory and the reasons why people may or may not fall victim, and even...
A cyber security culture framework and its impact on Zimbabwean organizations
Cybersecurity is the protection of internet-connected systems, including hardware, software and data, from cyberattacks. Cybersecurity culture is a set of the attitudes, assumptions, beliefs, values and knowledge that people use in their interaction with the...