Research focusing on educating users about phishing and identifying phishing emails, as opposed to using technology for prevention and detection. The research identified multiple problems, namely: that people were not motivated to learn about security; that security...
Research Library
The world’s first globally accessible archive of research into the human aspect of cyber security and behavioural science as applied to cyber security awareness and online behavioural change.
To see the latest studies from pioneering academics, scroll down.
Encouraging information security behaviors in organizations: Role of penalties, pressures and perceived effectiveness
This paper develops and tests a theoretical model of the incentive effects of penalties, pressures and perceived effectiveness of employee actions.
On the failure to eliminate hypotheses in a conceptual task
This study examines the extent to which individuals seek confirming – or disconfirming – evidence, instead of actually testing a hypothesis. Results indicated that, often, individuals are unwilling (or unable) to test their hypotheses.
Understanding scam victims: Seven principles for systems security
The success of many attacks on computer systems can be traced back to the security engineers not understanding the psychology of the system users they meant to protect. We examine a variety of scams and “short cons” that were investigated, documented and recreated for...
Revealing hidden context: Improving mental models of personal firewall users
The Windows Vista personal firewall provides its diverse users with a basic interface that hides many operational details. However, concealing the impact of network context on the security state of the firewall may result in users developing an incorrect mental model...
Understanding user behavior towards passwords through acceptance and use modelling
The security of computer systems that store our data is a major issue facing the world. This research project investigated the roles of ease of use, facilitating conditions, intention to use passwords securely, experience and age on usage of passwords, using a model...
Playing safe : A prototype game for raising awareness of social engineering
Social engineering is now a major threat to users and systems in the online context, and it is therefore vital to educate potential victims in order to reduce their susceptibility to the related attacks. However, as with other aspects of security education, this...
A study of employees’ attitudes towards organisational information security policies in the UK and Oman
There is a need to understand what makes information security successful in an organization. What are the threats that the organization must deal with and what are the criteria of a beneficial information security policy? Policies are in place, but why employees are...
The effectiveness of deceptive tactics in phishing
Phishing, or the attempt of criminals to obtain sensitive information through a variety of techniques, is still a serious problem for IT managers and Internet consumers. With over 57 million Americans exposed to phishing in 2005, a reported 5% of recipients were...
Exploring the relationship between organizational culture and information security culture
Managing Information Security is becoming more challenging in today’s business because people are both a cause of information security incidents as well as a key part of the protection from them. As the impact of organizational culture (OC) on employees is...