Rewind
All the content from last year’s PeepSec, Impact and flagship industry events
A comparison of perceived and real shoulder-surfing risks between alphanumeric and graphical passwords
Previous research has found graphical passwords to be more memorable than non-dictionary or "strong" alphanumeric passwords. Participants in a prior study expressed concerns that this increase in memorability could also lead to an increased susceptibility of graphical...
A socio-behavioral study of home computer users’ intention to practice security
Home computer users play a crucial role in securing the cyberspace, but the protection of home computers is left to the initiative of the users. In this study, we focus on the sociobehavioral perspective, as the behavior of home computer users on security issues is...
Usable security: Why do we need it? How do we get it?
Commonly, individuals are referred to as "the most fragile component" in the structure of system security by security specialists. Notorious hacker Kevin Mitnick stated that he seldom resorted to password cracking, finding it much easier to trick individuals into...
The insider threat to information systems and the effectiveness of ISO17799
Insider threat is widely recognised as an issue of utmost importance for IS security management. In this paper, we investigate the approach followed by ISO17799, the dominant standard in IS security management, in addressing this type of threat. We unfold the...
Protecting users against phishing attacks with AntiPhish
Phishing is a form of online identity theft that aims to steal sensitive information such as online banking passwords and credit card information from users. Phishing scams have been receiving extensive press coverage because such attacks have been escalating in...
An application of deterrence theory to software piracy
Although the research on software piracy is growing, criminologists have not examined the role of deterrence in software piracy. Using data collected from 382 undergraduate students attending a southeastern university, this study examined the role of deterrence in...
Analysis of end user security behaviors
This article outlines the process of developing a taxonomy of end user security-related behaviors, testing its consistency, and using it to conduct a U.S. survey on key end user behaviors. The study involved interviewing 110 individuals knowledgeable about end user...
Cross-cultural differences in relationship- and group-based trust
This study suggests Japanese and American people exhibit trust based on different things as the existence of a potential indirect relationship increased trust of outgroup members more for Japanese people than for Americans.
Moral psychology and information ethics: Psychological distance and the components of oral action in a digital world
This paper suggests technology can create a psychological distance between users that impacts four components of moral behaviour (sensitivity, judgment, motivation, and action). According to the paper, the psychological distance facilitates crimes like piracy and...
Positive emotions broaden the scope of attention and thought-action repertoires
This study found positive emotions increase attention and encouraged new thoughts and actions, and that negative emotions discouraged new thoughts and actions. The findings are in accordance with broaden-and-build theory.
Do information security policies reduce the incidence of security breaches: An exploratory analysis.
Information is a critical corporate asset, which has become increasingly vulnerable to attacks from viruses, hackers, criminals and human error. Consequently, organizations are having to prioritise the security of their computer systems, to ensure that their...
Computer security and risky computing practices: A rational choice perspective
Despite rapid technological advances in computer hardware and software, insecure behavior by individual computer users continues to be a significant source of direct cost and productivity loss. Why do individuals, many of whom are aware of the possible grave...
Managing the unexpected
What makes some organisations more reliable than others? The authors of Managing the Unexpected believe the answer lies in the differences in behaviours and learning styles of highly reliable organisations and organisations that are relatively unreliable. This book...
Bridging the gap between organisational and user perspectives of security in the clinical domain
An understanding of ‘communities of practice’ can help to make sense of existing security and privacy issues within organizations; the same understanding can be used proactively to help bridge the gap between organizational and end-user perspectives on these matters....
A protection motivation theory approach to home wireless security
Research in socio-technical factors in computer security has traditionally focused on employees and their work practice within the premises of the organization. However, with universal access to computing and the diverse means of connecting such devices to each...
The nature and replication of routines
This paper seeks to properly define routines to facilitate further empirical research into how routines are built and how routines can be changed. Broadly, it defines routines as dispositions that trigger patterns of behaviours in a group of individuals, following...
Internet users’ information privacy concerns (IUIPC): The construct, the scale, and a causal model
The lack of consumer confidence in information privacy has been identified as a major problem hampering the growth of e-commerce. Despite the importance of understanding the nature of online consumers' concerns for information privacy, this topic has received little...
Behavioral information security: Two end user survey studies of motivation and security practices
Information security is a multibillion-dollar problem faced by commercial and government organizations around the world. Through their adverse effects on organizational information systems, malware, hackers, and malicious insiders jeopardize organizations’...
The 10 deadly sins of information security management
This paper identifies 10 essential aspects, which, if not taken into account in an information security governance plan, will surely cause the plan to fail, or at least, cause serious flaws in the plan. These 10 aspects can be used as a checklist by management to...
Privacy policies as decision-making tools: An evaluation of online privacy notices
Studies have repeatedly shown that users are increasingly concerned about their privacy when they go online. In response to both public interest and regulatory pressures, privacy policies have become almost ubiquitous. An estimated 77% of websites now post a privacy...
Psychological ownership and feelings of possession: Three field studies predicting employee attitudes and organizational citizenship behavior
This study investigates the relationships between psychological ownership and work attitudes and behaviors. Hypotheses were developed based on the psychology of possession and psychological ownership literatures. These hypotheses were tested using data from three...