Cybersecurity controls are deployed to manage risks posed by malicious behaviours or systems. What is not often
considered or articulated is how cybersecurity controls may impact legitimate users (often those whose use of a managed system needs to be protected, and preserved). This characterises the ‘blunt’ nature of many cybersecurity controls.
This study presents a synthesis of methods from cybercrime opportunity reduction and behaviour change. It illustrates the method and principles with a range of examples and a case study focusing on online abuse and social media controls,
relating in turn to issues inherent in cyberbullying and tech-abuse. The framework describes a capacity to improve the precision of cyber security controls, identifying opportunities for risk owners to better protect legitimate users while simultaneously acting to prevent malicious activity in a managed system.
Is cybersecurity research missing a trick? Integrating insights from the psychology of habit into research and practice.
The idea that people should form positive security habits is gaining increasing attention amongst security...