Understanding scam victims: Seven principles for systems security
The success of many attacks on computer systems can be traced back to the security engineers not understanding the psychology of the system users they meant to protect. We examine a variety of scams and “short cons” that were investigated, documented and recreated for...
Revealing hidden context: Improving mental models of personal firewall users
The Windows Vista personal firewall provides users with a simple interface, obscuring many operational details. However, this concealment of the network context's impact on the firewall's security state may lead users to form an inaccurate mental model of the...
Understanding user behavior towards passwords through acceptance and use modelling
The security of computer systems that store our data is a major issue facing the world. This research project investigated the roles of ease of use, facilitating conditions, intention to use passwords securely, experience and age on usage of passwords, using a model...
Playing safe: A prototype game for raising awareness of social engineering
Social engineering is now a major threat to users and systems in the online context, and it is therefore vital to educate potential victims in order to reduce their susceptibility to the related attacks. However, as with other aspects of security education, this...
A study of employees’ attitudes towards organisational information security policies in the UK and Oman
There is a need to understand what makes information security successful in an organization. What are the threats that the organization must deal with and what are the criteria of a beneficial information security policy? Policies are in place, but why employees are...
The effectiveness of deceptive tactics in phishing
Phishing, or the attempt of criminals to obtain sensitive information through a variety of techniques, is still a serious problem for IT managers and Internet consumers. With over 57 million Americans exposed to phishing in 2005, a reported 5% of recipients were...
Exploring the relationship between organizational culture and information security culture
Managing Information Security is becoming more challenging in today’s business because people are both a cause of information security incidents as well as a key part of the protection from them. As the impact of organizational culture (OC) on employees is...
Two case studies in using chatbots for security training
This paper discusses the result of two case studies performed in a large international company to test the use of chatbots for internal security training. The first study targeted 26 end users in the company while the second study examined 80 security specialists....
The psychology of scams: Provoking and committing errors of judgement
This comprehensive report seeks to understand the persuasion techniques employed by scammers that successfully provoke human errors in judgement. It finds a successful scam involves all the standard elements of the 'marketing mix' – although scams differ from...
What levels of moral reasoning and values explain adherence to information security rules? An empirical study
It is widely agreed that employee non-adherence to information security policies poses a major problem for organizations. Previous research has pointed to the potential of theories of moral reasoning to better understand this problem. However, we find no empirical...
Passwords: If we’re so smart, why are we still using them?
While a lot has changed in Internet security in the last 10 years, a lot has stayed the same – such as the use of alphanumeric passwords. Passwords remain the dominant means of authentication on the Internet, even in the face of significant problems related to...
Studying users’ computer security behavior: A health belief perspective
The damage due to computer security incidents is motivating organizations to adopt protective mechanisms. While technological controls are necessary, computer security also depends on individual's security behavior. It is thus important to investigate what influences...
Avoidance of information technology threats: A theoretical perspective
This paper describes the development of the technology threat avoidance theory (TTAT), which explains individual IT users’ behavior of avoiding the threat of malicious information technologies. We articulate that avoidance and adoption are two qualitatively different...
Threat or coping appraisal: Determinants of SMB executives’ decision to adopt anti-malware software
This study presents an empirical investigation of factors affecting small- and medium-sized business (SMB) executives’ decision to adopt anti-malware software for their organizations. A research model was developed by adopting and expanding the protection motivation...
From culture to disobedience: Recognising the varying user acceptance of IT security
This article examines the levels of security acceptance that can exist amongst employees within an organisation, and how these levels relate to three recognised levels of corporate culture. It then proceeds to identify several factors that could be relevant to the...
Application of protection motivation theory to adoption of protective technologies
While most technology adoption models have focused on beneficial technologies, Protection Motivation Theory (PMT) is a potentially valuable model for predicting adoption of protective technologies, which help users avoid harm from a growing number of negative...
Self-disclosure, privacy and the internet
Authors discuss literature relating to self-disclosure on the internet, with a particular focus on disclosure via computer mediated communication and web-based forms. The authors posit further research questions.
Expert witness confidence and juror personality: Their impact on credibility and persuasion in the courtroom
This paper investigates relationships between several courtroom variables, including expert witness confidence, juror personality, expert witness credibility and juror sentencing. It finds expert witness confidence to have a significant effect on ratings of...
Effects of individual and organization based beliefs and the moderating role of work experience on insiders’ good security behaviors
This research aims to identify the factors that drive an employee to comply with requirements of the Information Security Policy (ISP) with regard to protecting her organization’s information and technology resources. Two different research models are proposed for an...
An assessment of people’s vulnerabilities in relation to personal and sensitive data
It is becoming increasingly apparent that people are in fact the main weakness in regards to the protection of data. This paper explores in detail the areas in which personal details and sensitive data are socially engineered. The study investigated people's attitudes...
Fraud typologies and victims of fraud: Literature review
This comprehensive review seeks to report on fraud in a wide variety of forms, with a particular focus on mass marketing, identity and small business fraud. It finds fraud is often innovative, comes in a wide variety of forms and that fraudsters use a combination of...