We are currently living in an age where the use of the Internet has become second nature to millions of people. Not only businesses depend on the Internet for all types of electronic transactions, but more and more home users are also experiencing the immense benefit...
Research Library
The world’s first globally accessible archive of research into the human aspect of cyber security and behavioral science as applied to cyber security awareness and online behavioral change.
Policies and procedures to manage employee Internet abuse
Industry analysts estimate that billions of dollars in lost revenue were attributed to employee Internet abuse. Trends also suggest that lost job productivity and corporate liability have emerged as new workplace concerns due to growth of new online technologies and...
It’s too complicated, so I turned it off!: Expectations, perceptions, and misconceptions of personal firewalls
Even though personal firewalls are an important aspect of security for the users of personal computers, little attention has been given to their usability. We conducted semi-structured interviews with a diverse set of participants to gain an understanding of their...
Neutralization: New insights into the problem of employee information systems security policy violations
Employees' failure to comply with information systems security policies is a major concern for information technology security managers. In efforts to understand this problem, IS security researchers have traditionally viewed violations of IS security policies through...
Strangers on a plane: Context-dependent willingness to divulge sensitive information
New marketing paradigms that exploit the capabilities for data collection, aggregation, and dissemination introduced by the Internet provide benefits to consumers but also pose real or perceived privacy hazards. In four experiments, we seek to understand consumer...
Assessing insider threats to information security using technical, behavioural and organisational measures
Insider threat is a reality. Assessing the insider threat is the first step to determine the likelihood of any insider attack. Technical solutions do not suffice since insider threats are fundamentally a people issue. Therefore, a three-pronged approach -...
Insiders’ protection of organizational information assets: A multidimensional scaling study of protection-motivated behaviors
Protecting information from a wide variety of security threats is an important and sometimes daunting organizational activity. Instead of relying solely on technological advancements to help solve human problems, managers within firms must recognize and understand the...
Information security policy compliance: An empirical study of rationality-based beliefs and information security awareness
Many organizations recognize that their employees, who are often considered the weakest link in information security, can also be great assets in the effort to reduce risk related to information security. Since employees who comply with the...
Encountering stronger password requirements
Text-based passwords are still the most commonly used authentication mechanism in information systems. We took advantage of a unique opportunity presented by a significant change in the Carnegie Mellon University (CMU) computing services password policy that required...
The challenges of understanding users’ security-related knowledge, behaviour, and motivations
In order to improve current security solutions or devise novel ones, it is important to understand users’ knowledge, behaviour, motivations and challenges in using a security solution. However, achieving this understanding is challenging because of the limitations of...