Protection motivation and deterrence: A framework for security policy compliance in organisations
Enterprises establish computer security policies to ensure the security of information resources; however, if employees and end-users of organisational information systems (IS) are not keen or are unwilling to follow security policies, then these efforts are in vain....
Persuasion for stronger passwords: Motivation and pilot study
Text passwords are the ubiquitous method of authentication, used by most people for most online services. Many people choose weak passwords that are vulnerable to attackers who simply guess all the passwords within the most probable password spaces. This paper...
Making choices impairs subsequent self-control: A limited-resource account of decision making, self-regulation, and active initiative
This study into the relationship between making choices and self-control demonstrated that making choices (such as between consumer goods) depletes subsequent self-control.
Security engineering: A guide to building dependable distributed systems
This book offers an introduction to security engineering in the 21st century, offering insights into the workings of 21st century security devices and considerations for those building new security devices.
Opening the mind to close it: Considering a message in light of important values increases message processing and later resistance to change
As the paper's prescriptive title suggests, the authors find linking a message to any important values an individual might hold increases the effectiveness of a message – which is likely to be of use when a message has little or no personal relevance to an individual....
You’ve been warned: An empirical study of the effectiveness of web browser phishing warnings
Researchers studied the effectiveness of web browser phishing warnings by targeting 60 study participants with simulated email phishing attacks. 97% of study participants clicked a link in at least one simulated phishing email. When then presented with a passive web...
A taxonomy of behavior change techniques used in interventions
Objective: Without standardized definitions of the techniques included in behavior change interventions, it is difficult to faithfully replicate effective interventions and challenging to identify techniques contributing to effectiveness across interventions. This...
From theory to intervention: Mapping theoretically derived behavioural determinants to behaviour change techniques
Theory provides a helpful basis for designing interventions to change behaviour but offers little guidance on how to do this. This paper aims to illustrate methods for developing an extensive list of behaviour change techniques (with definitions) and for linking...
The role of cyber-security in information technology education
Recent reports indicate a shortage of approximately 20,000-30,000 qualified cyber-security specialists in the US Public Sector alone despite being one of the best financially compensated technology-related domains. Against ever evolving cyber-threats the need to...
Malware detection and removal: An examination of personal anti-virus software
SoHo users are increasingly faced with the dilemma of applying appropriate security mechanisms to their computer with little or no knowledge of which countermeasure will deal with which potential threat. As problematic as it may seem for individuals to apply...
User perceptions of software with embedded spyware
This paper presents an experimental study involving participants using an online analytical processing software product. Following usage, the experimental group was informed that the software contained spyware. Responses from the experimental and control groups were...
Spyware and adware: How do internet users defend themselves?
The spread of broadband Internet has resulted in the increase of spyware and adware. This study highlights their damaging effects and proposes a model that captures defensive measures adopted by Internet users. Specifically, our model indicates that knowledge has a...
Wisecrackers: A theory-grounded investigation of phishing and pretext social engineering threats to information security
The collection and dissemination of information about people by businesses and governments is ubiquitous. One of the main threats to people's privacy comes from human carelessness with this information, yet little empirical research has studied behaviors associated...
Out of fear or desire: Why do employees follow information systems security policies?
Two well-grounded motivational models—command-and-control and self-regulation, which are viewed as competing explanations of why individuals follow rules (Tyler and Blader 2005)—are used as conceptual lenses through which to view employees’ adherence to information...
Taking responsibility for online protection – why citizens have their part to play
When considering the responsibility for the protection of the individual from online threats, opinion is often divided about whether it resides with technology manufacturers or end users. In this research we present the thesis that while manufacturers are becoming...
Helpful self-control: Autonomy support, vitality, and depletion
Through three experiments, the authors of this paper suggest those who feel compelled to exert self-control may find a task more depleting than those who voluntarily exert self-control.
Behavioral response to phishing risk
Tools that aim to combat phishing attacks must take into account how and why people fall for them in order to be effective. This study reports a pilot survey of 232 computer users to reveal predictors of falling for phishing emails, as well as trusting legitimate...
A (my) space of one’s own: On privacy and online social networks
Participants in online social networking sites (OSNs) such as MySpace and Facebook (among hundreds of others) revel in the freedom and communion facilitated by the burgeoning social Internet. They often express offense or a feeling of intrusion when their online...
Making security usable: Are things improving?
Given the increased focus on the need for usable security, it is now to be hoped that the issue will receive greater attention in new software releases. Unfortunately, however, there is still evidence to suggest that usable security receives insufficient consideration...
Security when people matter: Structuring incentives for user behavior
This paper discusses the role of humans as "smart components" in a system, emphasizing that their autonomy must be respected and incentives should be provided to induce desired behavior. The authors argue that a misalignment of incentives can often lead to system...
Anti-phishing Phil: The design and evaluation of a game that teaches people not to fall for phish
This article presents the development and assessment of Anti-Phishing Phil, a web-based game aimed at instilling safe online practices to protect users from phishing threats. The game was crafted following educational science guidelines and underwent several rounds of...