Wireless networks are rapidly becoming ubiquitous but are often insecure and leave users responsible for their own security. We empirically study whether users are successfully securing their client computers when using wireless networks. Automated techniques are used...
The world’s first globally accessible archive of research into the human aspect of cyber security and behavioural science as applied to cyber security awareness and online behavioural change.
Human vulnerabilities in security systems
This whitepaper discusses human vulnerabilities in full, including what they are, why they occur, how they can be mitigated, the challenges of mitigation and potential areas for further research.
What instills trust? A qualitative study of phishing
A paper on the factors that make phishing emails and web pages appear authentic and on the factors that make legitimate content appear dubious. The authors draw nine conclusions.
Improving security decisions with polymorphic and audited dialogs
Context-sensitive guidance (CSG) can help users make better security decisions. Applications with CSG ask the user to provide relevant context information. Based on such information, these applications then decide or suggest an appropriate course of action. However,...
Email end users and spam: Relations of gender and age group to attitudes and actions
As the problem of spam email increases, we examined users’ attitudes toward and experience with spam as a function of gender and age. College-age, working-age, and retirement-age men and women were surveyed. Most respondents strongly disliked receiving spam yet took...
Phishing IQ tests measure fear, not ability
We argue that phishing IQ tests fail to measure susceptibility to phishing attacks. We conducted a study where 40 subjects were asked to answer a selection of questions from existing phishing IQ tests in which we varied the portion (from 25% to 100%) of the questions...
Genre, narrative and the “Nigerian Letter” in electronic mail
This paper analyses 111 'Nigerian' emails, concluding typical emails draw on a predictable form, purpose and tone designed to appeal to greed, charity, heroism, and other powerful and compelling emotions, and thus trick victims.
Social psychological factors in lifestyle change and their relevance to policy
This article examines the social psychological theories and research that can be used to design better behaviour interventions. Although the paper focuses on health, the review could be applied in a wide variety of contexts – cyber security included.
Impeding ecological sustainability through selective moral disengagement
This paper discusses moral disengagement, with an emphasis on how moral disengagement impedes ecological sustainability. The author notes moral disengagement comes about through: exonerative comparisons that render detrimental practices as righteous; the use of...
Which factors explain employees’ adherence to information security policies? An empirical study
It is widely agreed that a key threat to information security is caused by careless employees who do not adhere to the information security policies of their organizations. In order to ensure that employees comply with the organization’s information security...