Research Library

The world’s first globally accessible archive of research into the human aspect of cyber security and behavioural science as applied to cyber security awareness and online behavioural change.

To see the latest studies from pioneering academics, scroll down.

To illustrate the differing thoughts and emotions involved in guiding habitual and nonhabitual behavior, 2 diary studies were conducted in which participants provided hourly reports of their ongoing experiences. When participants were engaged in habitual behavior, defined as behavior that had been performed almost daily in stable contexts, they were likely to think about issues unrelated to their behavior, presumably because they did not have to consciously guide their actions. When engaged in nonbabitual behavior, or actions performed less often or in shifting contexts, participants’ thoughts tended to correspond to their behavior, suggesting that thought was necessary to guide action. Furthermore, the self-regulatory benefits of habits were apparent in the lesser feelings of stress associated with habitual than nonhabitual behavior.
Research   , ,
Personal information is scarce in computer-mediated communication. So when information about the sender is attached with his or her e-mail, this could induce a powerful effect toward the receptor. Two experiments were carried out where males and females were solicited by e-mail to respond to a survey on their foods habits. In the first experiment, students were solicited whereas, in the second experiment, people taken at random in various e-mails lists were solicited. The questionnaire was an HTML form attached with the e-mail. The signature of the solicitor was presented as of a high status (a scientist) or of a mid status (an undergraduate student). Results show that, in both experiments, subjects agreed more favorably to the request when the solicitor was of high status. The importance of social information on computer-mediated communication is used to explain such results.  
Research   ,
An article exploring the optimal amount of money to invest to protect information. This model looks at the extent to which a piece of information is vulnerable and the potential loss that would occur if it was breached, and notes that companies should spend a small fraction of the expected loss due to a security breach in order to protect the information.    
Research   ,
A report pointing out the potential costs of an inadequate infrastructure for software testing. Annual costs are estimated to be between $22.2 and $59.5 billion, with half attributable to software users and error avoidance, and the other half attributable to software developers and the additional testing used.  
Research  
Password security is essential to the security of information systems. Human fallibility makes it nearly impossible to follow all of the recommended rules simultaneously. A user with many different passwords, frequently changing, will be forced to write them down somewhere. Some systems constrain them to have a certain minimum length, or to require them to contain a combination of letters and numbers. Some systems also impose maximum lengths, and some prohibit special characters. The lack of common standards for passwords makes it difficult for a user to remember which password is used for which system. To make matters worse, systems frequently revoke a user’s access after a password has been incorrectly entered as few as three times. What is needed, then, is an analysis of passwords that takes both human factors and security into account. We must recognize that what really matters is the security of the total system-offline as well as online. This paper explores the tradeoffs that need to be made to achieve maximum security in everyday use by forgetful users.
Research  
Past studies suggest that computer security countermeasures such as security policies, systems, and awareness programs would be effective in preventing computer abuse in organizations. They are based on the general deterrence theory, which posits that when an organization implements countermeasures that threaten abusers, its computer abuse problems would be deterred. However, computer abuse problems persist in many organizations despite these measures. This article proposes a new model of computer abuse that extends the traditional model with the social criminology theories. Focusing on computer abuse within organizations, the model explains the phenomenon through social lenses such as social bonds and social learning. The new model contributes to our theoretical body of knowledge on computer abuse by providing a new angle for approaching the problem. It suggests to practitioners that both technical and social solutions should be implemented to reduce the pervasive computer abuse problems.  
Research   ,
Mother Nature knows best–How engineered organizations of the future will resemble natural-born systems.  
Research  
In this study, we analyzed Web users concerns about potential risks and harms from Web use to themselves and to society at large. In addition, we assessed how strongly users felt something should be done to address their concerns. Seventy-two individuals, 24 each from a rural community in Maine, a suburban professional community in New Jersey, and a high-technology community in California, participated in an extensive (2-hour) semistructured interview about Web security. Results show that Web users were primarily concerned about risks to Information, and secondarily about risks to People and Technology. Different sets of concerns were identified among the rural, suburban, and high-technology communities. Our discussion focuses on implications for interface design and information policy.    
Research   , , , ,
Behaviour change is an important concept in relation to health promotion and disease prevention. Self-efficacy has been identified as an important determinant of health behaviour, future health behaviour and health behaviour change. In order to effectively facilitate behaviour change, it is essential that interventions are research based, and emphasize the utility of theory in practice. The effective practice of health promotion and disease prevention requires a full understanding of the processes of patient behaviour. This article presents the role of the nurse in influencing health-related behaviour change. Self-efficacy and related but distinct theories that underpin behaviour change are discussed. The empirical evidence that supports the link between self-efficacy and predictions of health behaviours is also examined.
Research   ,
Why does suicide happen? What goes wrong? Why is it more common in some places than others? Emile Durkheim seeks out the answers in a classic text, offering an insight into the social frameworks in which we operate.  
Research  
Researchers find people’s desire for risk is not consistent in all areas, and varies between things like financial, health and social realms. Regression analysis suggests the changes are due to changes in percieved benefits and risk, as opposed to changes in attitudes.  
Research   , ,
Researchers developed and tested a new measure of ‘the need for affect’ (ie, the probability of someone approaching or avoiding emotion-inducing situations). They concluded the need for affect is important in understanding emotion-related processes.  
Research   ,
This paper discusses how fear can trigger elicitation and learning. It proposes fear is evolutionary, automatic and largely immune to conscious control and cites studies that support its propositions.  
Research   ,
Psychology is a huge subject, ranging from neuroscience through to clinical topics, and spilling over into cognate disciplines from philosophy through artificial intelligence to sociology. Although it has been studied for much longer than computer science, our understanding of the mind is much less complete: the brain is so much more complex.
Research  
Rsearchers find that fraud attempts are less likely to succeed if: the offender is a stranger; the initial contact is by telephone or mail; the potential victim has heard of the intended type of fraud beforehand, or; the potential victim attempts to investigate the person or proposition before responding.  
Research   ,
This paper investigated why our ability to control impulses wains during emotional distress. It found when people believed emotional distress to be long-term, they were better able to control impulses – suggesting indulging our impulses during times of distress is an attempt to help overcome short-term distress.  
Research   , ,
This paper argues that simply blaming users for security breaches will not lead to more effective security systems and that security designers must address the causes of undesirable user behaviour to design effective security systems. Focusing on passwords in particular, the paper’s authors conclude that addressing the causes of undesirable security behaviours shouldn’t be too difficult given the knowledge and techniques necessary to do so largely already exist.  
Research   , ,
As the use of ubiquitous multimedia communication increases so do the privacy risks associated with widespread accessibility and utilisation of data generated by such applications. Most invasions of privacy are not intentional but due to designers inability to anticipate how this data could be used, by whom, and how this might affect users. This paper addresses the problem by providing a model of user perceptions of privacy in multimedia environments. The model has been derived from an analysis of empirical studies conducted by the authors and other researchers and aids designers to determine which information users regard as private, and in which context It also identifies trade-offs that users are willing to make rendering some privacy risks acceptable. To demonstrate how this model can be used to assess the privacy implications of multimedia communications in a specific context, an example of the models application for a specific usage scenario is provided.    
Research   ,
A paper that counters the popular notion of more choice being a good thing. Research in this paper suggests humans make better choices when offered less choice..  
Research   ,
The Federal Trade Commission (FTC) is one of many organizations studying influences on consumer privacy online. The authors investigate these influences, taking into consideration the current body of literature on privacy and the Internet and the FTC’s core principles of fair information practice. The authors analyze these influences to assess the underlying factors of privacy concern online. The authors examine the current recommendations and actions of the FTC in light of the results of an e-mail survey of online consumers in the United States that assessed their attitudes toward privacy online. The authors find that the FTC’s core principles address many of online consumers’ privacy concerns. However, two factors not directly incorporated in the five principles, the relationships between entities and online users and the exchange of information for appropriate compensation, may influence consumers’ privacy concerns.
Research   ,