Select Page

Research Library

The world’s first globally accessible archive of research into the human aspect of cyber security and behavioral science as applied to cyber security awareness and online behavioral change.

A (my) space of one ‘s own: On privacy and online social networks

Participants in online social networking sites (OSNs) such as MySpace and Facebook (among hundreds of others) revel in the freedom and communion facilitated by the burgeoning social Internet. They often express offense or a feeling of intrusion when their online...

Making security usable: Are things improving?

Given the increased focus on the need for usable security, it is now to be hoped that the issue will receive greater attention in new software releases. Unfortunately, however, there is still evidence to suggest that usable security receives insufficient consideration...

Security when people matter: Structuring incentives for user behavior

Humans are "smart components" in a system, but cannot be directly programmed to perform; rather, their autonomy must be respected as a design constraint and incentives provided to induce desired behavior. Sometimes these incentives are properly aligned, and the humans...

The human factor in phishing

We discuss the importance of understanding psychological aspects of phishing, and review some recent findings. Given these findings, we critique some commonly used security practices and suggest and review alternatives, including educational approaches. We suggest a...

Social phishing

This study aimed to reveal a baseline level of phishing success, finding a success rate of 16% when phishing emails were sent from unknown senders, rising to a full 72% when phishing emails appeared to be from known senders.    

Assessing the security perceptions of personal internet users

Personal Internet users are increasingly finding themselves exposed to security threats during their use of home PC systems. However, concern can be raised about users’ awareness of these problems, and the extent to which they are consequently protected and equipped...

Phishing: Can we spot the signs?

Dr Steven Furnell at Plymouth University has conducted research, which looks at why some computer users still can't tell the difference between an official email and a phishing scam. Steven Furnell looks at the increasing sophistication of phishing emails and examines...

A video game for cyber security training and awareness

Although many of the concepts included in cyber security awareness training are universal, such training often must be tailored to address the policies and requirements of a particular organization. In addition, many forms of training fail because they are rote and do...