A study of employees’ attitudes towards organisational information security policies in the UK and Oman
There is a need to understand what makes information security successful in an organization. What are the threats that the organization must deal with and what are the criteria of a beneficial information security policy? Policies are in place, but why employees are...
The effectiveness of deceptive tactics in phishing
Phishing, or the attempt of criminals to obtain sensitive information through a variety of techniques, is still a serious problem for IT managers and Internet consumers. With over 57 million Americans exposed to phishing in 2005, a reported 5% of recipients were...
Exploring the relationship between organizational culture and information security culture
Managing Information Security is becoming more challenging in today’s business because people are both a cause of information security incidents as well as a key part of the protection from them. As the impact of organizational culture (OC) on employees is...
Two case studies in using chatbots for security training
This paper discusses the result of two case studies performed in a large international company to test the use of chatbots for internal security training. The first study targeted 26 end users in the company while the second study examined 80 security specialists....
The psychology of scams: Provoking and committing errors of judgement
This comprehensive report seeks to understand the persuasion techniques employed by scammers that successfully provoke human errors in judgement. It finds a successful scam involves all the standard elements of the 'marketing mix' – although scams differ from...
What levels of moral reasoning and values explain adherence to information security rules? An empirical study
It is widely agreed that employee non-adherence to information security policies poses a major problem for organizations. Previous research has pointed to the potential of theories of moral reasoning to better understand this problem. However, we find no empirical...
Passwords: If we’re so smart, why are we still using them?
While a lot has changed in Internet security in the last 10 years, a lot has stayed the same – such as the use of alphanumeric passwords. Passwords remain the dominant means of authentication on the Internet, even in the face of significant problems related to...
Studying users’ computer security behavior: A health belief perspective
The damage due to computer security incidents is motivating organizations to adopt protective mechanisms. While technological controls are necessary, computer security also depends on individuals' security behavior. It is thus important to investigate what influences...
Avoidance of information technology threats: A theoretical perspective
This paper describes the development of the technology threat avoidance theory (TTAT), which explains individual IT users’ behavior of avoiding the threat of malicious information technologies. We articulate that avoidance and adoption are two qualitatively different...
Threat or coping appraisal: Determinants of SMB executives’ decision to adopt anti-malware software
This study presents an empirical investigation of factors affecting small- and medium-sized business (SMB) executives’ decision to adopt anti-malware software for their organizations. A research model was developed by adopting and expanding the protection motivation...
From culture to disobedience: Recognising the varying user acceptance of IT security
This article examines the levels of security acceptance that can exist amongst employees within an organisation, and how these levels relate to three recognised levels of corporate culture. It then proceeds to identify several factors that could be relevant to the...
Application of protection motivation theory to adoption of protective technologies
While most technology adoption models have focused on beneficial technologies, Protection Motivation Theory (PMT) is a potentially valuable model for predicting adoption of protective technologies, which help users avoid harm from a growing number of negative...
Self-disclosure, privacy and the internet
Authors discuss literature relating to self-disclosure on the internet, with a particular focus on disclosure via computer mediated communication and web-based forms. The authors posit further research questions.
Expert witness confidence and juror personality: Their impact on credibility and persuasion in the courtroom
This paper investigates relationships between several courtroom variables, including expert witness confidence, juror personality, expert witness credibility and juror sentencing. It finds expert witness confidence to have a significant effect on ratings of...
Effects of individual and organization based beliefs and the moderating role of work experience on insiders’ good security behaviors
This research aims to identify the factors that drive an employee to comply with requirements of the Information Security Policy (ISP) with regard to protecting her organization’s information and technology resources. Two different research models are proposed for an...
An assessment of people’s vulnerabilities in relation to personal and sensitive data
It is becoming increasingly apparent that people are in fact the main weakness in regards to the protection of data. This paper explores in detail the areas in which personal details and sensitive data are socially engineered. The study investigated people's attitudes...
Fraud typologies and victims of fraud: Literature review
This comprehensive review seeks to report on fraud in a wide variety of forms, with a particular focus on mass marketing, identity and small business fraud. It finds fraud is often innovative, comes in a wide variety of forms and that fraudsters use a combination of...
So long, and no thanks for the externalities: The rational rejection of security advice by users
Principal Microsoft Researcher Cormac Herley argues users' rejection of security procedures is often entirely rational as the expected benefits of following security advice are often outweighed by the expected costs.
Nudging privacy: The behavioral economics of personal information
This article explores the application of theories and methodologies from behavioural economics and behavioural decision research to investigate privacy decision making.
School of Phish: A real-world evaluation of anti-phishing training
PhishGuru is an embedded training system that teaches users to avoid falling for phishing attacks by delivering a training message when the user clicks on the URL in a simulated phishing email. In previous lab and real-world experiments, we validated the effectiveness...
Fear, uncertainty and doubt: The pillars of justification for cyber security
One can readily find computer and network security courses in most computer science departments, but we are likely overly ambitious calling computer security a science. The profession certainly has the aspects of an art, and it is fair to call much of the work...