Rewind
All the content from last year’s PeepSec, Impact and flagship industry events
The Internet of Things – An introduction to privacy issues with a focus on the retail and home environments
This research paper provides an overview of the Internet of Things technologies generally, and with special application in the retail and home context. It then goes on to examine some of the challenges that this new environment creates through the lens of specific...
Human behaviour as an aspect of cyber security assurance
This paper considers existing research into cyber security assurance processes in an effort to identify elements of cyber security that would benefit from further research and development. It concludes the cyber security industry would benefit from more research into...
Why Johnny still, still can’t encrypt: Evaluating the usability of a modern PGP client
This paper presents the results of a laboratory study involving Mailvelope, a modern PGP client that integrates tightly with existing webmail providers. In our study, we brought in pairs of participants and had them attempt to use Mailvelope to communicate with each...
Nudging online security behaviour with warning messages
Researchers tested the effectiveness of 9 different ways of warning users about cyber security threats. Making users aware of the steps they could take to minimise risk was effective in triggering more secure behaviour. Gain-framed messages, loss-framed messages and a...
A study on social engineering attacks and defence mechanisms
Humans are the most vulnerable points in any kind of security system because of their predictable behaviour and other psychological aspects. Yet, a lot of emphasis related to security is given to implementation of technical security via an antivirus, Intrusion...
Evaluating behaviour changed in international development operations: A new framework
On behalf of the World Bank, this paper's authors develop a tool to evaluate behaviour change interventions in the development sector. The tool can be used to assess the prevalence and integration of behaviour change concepts into the life cycle of a behaviour change...
“What can I really do?” Explaining the privacy paradox with online apathy
Based on focus group interviews, we considered how young adults’ attitudes about privacy can be reconciled with their online behavior. The “privacy paradox” suggests that young people claim to care about privacy while simultaneously providing a great deal of personal...
Data integrity attacks and defenses for Intel lab sensor network
Wireless sensor networks have been increasingly popular and they have been deployed in a wide range of areas including transportation system, healthcare, robotics, and smart home. Wireless sensor networks have facilitated our life using the remote sensing ability....
Awareness is only the first step
Improving cyber security awareness is often assumed to improve cyber security, however this paper suggests it's necessary for people to be engaged in cyber security in order to make people a robust cyber defence. The paper builds a model for engaging people in cyber...
Password security: An empirical study
One of the most common control mechanisms for authenticating users of computerized information systems is the use of passwords. Despite the widespread use of passwords, little attention has been given to the characteristics of their actual use. This paper addresses...
Online privacy tools for the general public
Taking into account the increasing need for online data protection and the availability of numerous Privacy Enhancing Technologies (PETs) for internet and mobile users, ENISA conducted, under its 2015 work programme, a study on online privacy tools, aiming at...
Awareness, behaviour and culture: The ABC in cultivating security compliance
A substantial proportion of security breaches stem from human factors, necessitating their consideration alongside technical elements. Scholars propose that a security culture fosters suitable employee behaviors leading to compliance. Consequently, organizations...
Will the “Phisher-Men” reel you in?: Assessing individual differences in a phishing detection task
Phishing is an act of technology-based deception that targets individuals to obtain information. To minimize the number of phishing attacks, factors that influence the ability to identify phishing attempts must be examined. The present study aimed to determine how...
Smart insiders: Exploring the threat from insiders using the Internet-of-Things
The Internet-of-Things (IoT) is set to be one of the most disruptive technology paradigms since the advent of the Internet itself. Market research company Gartner estimates that around 4.9 billion connected things will be in use in 2015, and around 25 billion by 2020....
Cybersecurity’s human factor: Lessons from the Pentagon
The article shares the US Defense Department’s approach to addressing the human side of cyber security, allowing business leaders to apply the same framework to their own organisations.
Information security conscious care behaviour formation in organizations
Technological solutions alone can't assure information security. User behavior plays a pivotal role in this field. Given its vast expanse, the Internet offers numerous possibilities for security infringements. Attackers utilize various methods to alter the...
Anonymity, privacy, and security online
This survey by the Pew Research Center’s Internet Project asked 1,002 adults about their Internet habits. It is laid out in five parts: the quest for anonymity online; concerns about personal information online; who internet users are trying to avoid, the information...
The online dating romance scam: The psychological impact on victims – both financial and non-financial
This paper finds for most people, the loss of a relationship following the culmination of an online dating scam is more unsettling than any financial losses suffered. According to the paper, few victims of online dating scams find a sufficient way to cope following...
On cyber security, technology and human behaviors
According to this post, it’s important to take an innovative approach when it comes to cyber security as conventional means (such as posters or one-time awareness training) do not change behavior. Further, the post suggests risk-mitigating behaviors must become...
Implicit measures and online risks
Information systems researchers typically use self-report measures, such as questionnaires to study consumers’ online risk perception. The self-report approach captures the conscious perception of online risk but not the unconscious perception that precedes and...
Risk, risk perception, risk management – A review of the literature
This paper aims to summarize the findings of risk research across various fields and examine their impact on risk management practices. The fundamental approaches to risk discussed in this paper suggest that the concepts of probability used in studying processes in...