Theory provides a helpful basis for designing interventions to change behaviour but offers little guidance on how to do this. This paper aims to illustrate methods for developing an extensive list of behaviour change techniques (with definitions) and for linking...
Research Library
The world’s first globally accessible archive of research into the human aspect of cyber security and behavioral science as applied to cyber security awareness and online behavioral change.
The role of cyber-security in information technology education
Recent reports indicate a shortage of approximately 20,000- 30,000 qualified cyber-security specialists in the US Public Sector alone despite being one of the best financially compensated technology-related domains. Against ever evolving cyber-threats the need to...
Malware detection and removal: An examination of personal anti-virus software
SoHo users are increasingly faced with the dilemma of applying appropriate security mechanisms to their computer with little or no knowledge of which countermeasure will deal with which potential threat. As problematic as it may seem for individuals to apply...
User perceptions of software with embedded spyware
An experimental study was undertaken requiring subjects to use an online analytical processing software product. After use, the experimental group was told spyware was embedded in the software. Questionnaire responses for the experimental and control group were...
Spyware and adware: How do internet users defend themselves?
The spread of broadband Internet has resulted in the increase of spyware and adware. This study highlights their damaging effects and proposes a model that captures defensive measures adopted by Internet users. Specifically, our model indicates that knowledge has a...
Wisecrackers: A theory-grounded investigation of phishing and pretext social engineering threats to information security
The collection and dissemination of information about people by businesses and governments is ubiquitous. One of the main threats to people's privacy comes from human carelessness with this information, yet little empirical research has studied behaviors associated...
Out of fear or desire: Why do employees follow information systems security policies?
Two well-grounded motivational models—command-and-control and self-regulation, which are viewed as competing explanations of why individuals follow rules (Tyler and Blader 2005)—are used as conceptual lenses through which to view employees’ adherence to information...
Taking responsibility for online protection – why citizens have their part to play
When considering the responsibility for the protection of the individual from online threats, opinion is often divided about whether it resides with technology manufacturers or end users. In this research we present the thesis that while manufacturers are becoming...
Helpful self-control: Autonomy support, vitality, and depletion
Through three experiments, the authors of this paper suggest those who feel compelled to exert self-control may find a task more depleting than those who voluntarily exert self-control.
Behavioral response to phishing risk
Tools that aim to combat phishing attacks must take into account how and why people fall for them in order to be effective. This study reports a pilot survey of 232 computer users to reveal predictors of falling for phishing emails, as well as trusting legitimate...