There are a number of standards and frameworks for security risk assessment; however, it appears that their application and adaptation to real organisational practices are rather limited. This paper reports some results from inquiries into risk assessment practices of security professionals in Ireland. The key findings show a lack of consensus on basic terminology when...
How do professionals assess security risks in practice? An exploratory study
How to keep your information secure? Toward a better understanding of users security behavior
Use of computers and the Internet is an integral part of our lives, with business becoming more digital. As a result, individuals are using their home computers to perform diverse tasks and to store sensitive data. This paper investigates the relative efficacy of two strategies to protect home computers from security threats: security tools and...
Emotional cost of cyber crime and cybersecurity protection motivation behaviour: A systematic literature review
The impact of a cyberattack on an organisation is multifaceted. At the employee level, cyber threat is a sensitive issue which needs further understanding. Founded in psychology research, emotions affect protection motivation behaviours at the individual level in the context of cybersecurity. The majority of the research studies focus on how external factors affect employees'...
Characterizing and measuring maliciousness for cybersecurity risk assessment
Cyber attacks have been increasingly detrimental to networks, systems, and users, and are increasing in number and severity globally. To better predict system vulnerabilities, cybersecurity researchers are developing new and more holistic approaches to characterizing cybersecurity system risk. The process must include characterizing the human factors that contribute to cyber security vulnerabilities and risk. Rationality,...
Cyber security awareness campaigns: Why do they fail to change behaviour?
The present paper focuses on Cyber Security Awareness Campaigns, and aims to identify key factors regarding security which may lead them to failing to appropriately change people’s behaviour. Past and current efforts to improve information-security practices and promote a sustainable society have not had the desired impact. It is important therefore to critically reflect on...
Cybersecurity risk management in small and medium-sized enterprises; A systematic review of recent evidence
Although small and medium-sized enterprises (SMEs) have been encouraged to take advantage of any possible business opportunities by utilizing and adopting new technologies such as cloud computing services, there is a huge misunderstanding of their cyber threats from the management perspective. Underestimation of cybersecurity threats by SMEs leads to an increase in their vulnerabilities and risks, which...
Employees attitude towards cyber security and risky online behaviours: An empirical assessment in the United Kingdom
The present study aimed to explore if the size of company an individual works for, age or attitudes towards cyber security affected frequency to engage in risky online behaviours. A total of 515 participants aged between 18-84 in full or part-time employment were asked to complete a questionnaire that consisted of two scales. One measured...
Analysis on cookies and cybersecurity
Cookies are essential to the modern internet. People use cookies and other tracking technologies to integrate the browsing experience of websites, present personalized content and targeted advertising, understand the origin of their audience, and analyze web traffic. In most cases, by clicking “yes” or “I accept,” people will agree to the use of tracking technologies...
Hacking the human: the prevalence paradox in cybersecurity
Objective: This work assesses the efficacy of the “prevalence effect” as a form of cyberattack in human-automation teaming, using an email task. Background: Under the prevalence effect, rare signals are more difficult to detect, even when taking into account their proportionally low occurrence. This decline represents diminished human capability to both detect and respond. As...
Sensitizing employees’ corporate IS security risk perception
Motivated by recent practical observations of employees’ unapproved sourcing of cloud services at work, this study empirically evaluates bring your own cloud (BYOC) policies and social interactions of the IT department to sensitize employees’ security risk perception. Based on social information processing theory, BYOC strategies varying in the level of restriction from the obligatory, recommended,...
End user perception of online risk under uncertainty
In this paper we leverage a canonical nine dimensional model of offline risk perception to better understand online risk perceptions. Understanding risk perception facilitates the development of better risk communication and mitigation technologies. We conducted a classic off-line survey to identify the dimensions of online risk perceptions of end users. These results were different from...
End-user security culture: A lesson that will never be learnt?
Professor Steven Furnell looks at reckless users online, as they make friends with complete strangers, even putting themselves at risk.