Security threat report 2014
The 2014 Security Threat Report discusses the evolution of the cyber threat landscape. It suggests that less skilled cybercriminals are being pushed out of the market, leading to a survival of the fittest scenario. This evolution is expected to result in fewer, but...
Control-related motivations and information security policy compliance: The role of autonomy and efficacy.
Employees’ failures to follow information security policy can be costly to organizations, causing organizations to implement security controls to motivate secure behavior. Information security research has explored many control-related motivations (e.g.,...
Guide to measuring privacy concern: Review of survey and observational instruments
The ongoing debate about online privacy attests to the concerns of web users. These privacy anxieties encourage consumers to adopt data protection features, shape their valuation of existing features, and can guide their preferences among competing businesses....
National safety management society October 2013 digest (O’Neill exemplifies safety leadership)
The O'Neill Exemplifies Safety Leadership subsection of this NSMS Digest focuses on former secretary of the U.S. Treasury Paul O'Neill's advocacy of transparency in safety measures. O'Neill argues for real-time information on who may have had their safety...
From information security to cyber security
This paper discusses the common misconception of using the terms cyber security and information security interchangeably. While there is a significant overlap between the two, they are not entirely synonymous. The paper suggests that cyber security extends beyond the...
Restrictive deterrent effects of a warning banner in an attacked computer system
System trespassing by computer intruders is a growing concern among millions of Internet users. However, little research has employed criminological insights to explore the effectiveness of security means to deter unauthorized access to computer systems. Drawing on...
Investigating phishing victimization with the Heuristic-Systematic model: A theoretical framework and an exploration
To the extent that phishing has become a serious threat to information security, there has been rather limited theory-grounded research on this burgeoning phenomenon. In this paper, we develop a theoretical model of victimization by phishing based on the...
Home user security: from thick security-oriented home users to thin security-oriented home users
In the technological world in which we live, access to the Internet is no longer a luxury. Rather, it is a necessity and a lifeline to many. The Internet is used, amongst other things, for obtaining information, for doing business and for social networking. However,...
Understanding the violation of IS security policy in organizations: An integrated model based on social control and deterrence theory
It is widely agreed that a large amount of information systems (IS) security incidents occur in the workplace because employees subvert existing IS Security Policy (ISSP). In order to understand the factors that constrain employees from deviance and violation of the...
Keeping up with the Joneses: Assessing phishing susceptibility in an email task
Most prior research on preventing phishing attacks focuses on technology to identify and prevent the delivery of phishing emails. The current study supports an ongoing effort to develop a user-profile that predicts when phishing attacks will be successful. We sought...
Can we sell security like soap?: A new approach to behaviour change
Many organisations run security awareness programmes with the aim of improving end user behaviours around information security. Yet behavioural research tells us that raising awareness will not necessarily lead to behaviour change. In this paper we examine the...
Going spear phishing: Exploring embedded training and awareness
To explore the effectiveness of embedded training, researchers conducted a large-scale experiment that tracked workers' reactions to a series of carefully crafted spear phishing emails and a variety of immediate training and awareness activities. Based on behavioral...
Measuring expertise and bias in cyber security using cognitive and neuroscience approaches
Toward the ultimate goal of enhancing human performance in cyber security, we attempt to understand the cognitive components of cyber security expertise. Our initial focus is on cyber security attackers – often called “hackers”. Our first aim is to develop behavioral...
Alice in warningland: A large-scale field study of browser security warning effectiveness
We empirically assess whether browser security warnings are as ineffective as suggested by popular opinion and previous literature. We used Mozilla Firefox and Google Chrome’s in-browser telemetry to observe over 25 million warning impressions in situ. During our...
Using behavioral economics for postsecondary success
Many programs that aim to help individuals in postsecondary education underperform due to the fact that humans do not behave in an expected, rational way. In this report, it’s suggested that behavioural economics can provide an insight into how people behave and make...
Poverty impedes cognitive function
This paper suggests that poverty impedes cognitive functioning, as poverty-related concerns require a lot of mental resources and leave less space for other cognitive tasks. The thesis was indicated through 2 studies. Implications include avoiding cognitively taxing...
Comprehensive study on cybercrime
An in-depth and thorough study into the world of global cybercrime which highlights lessons learned from current and past cyber efforts. The study explores the global state of cybercrime, the challenges we face as we move into a digitally connected society and...
Cyber security: A longitudinal examination of undergraduate behavior and perceptions
Internet fraud continues to be a challenge in the business world. This study was undertaken to expand upon a previous study and determine if undergraduate students are at a similar cyber security risk. Findings suggest that spam and phishing are becoming less...
Improving mental models of computer security through information graphics
Many users have difficulties making effective security decisions. Education is one way to improve users’ mental models of computer security, but a common challenge is that users are not motivated to learn about security. We propose that a visual approach to education...
“Little brothers watching you:” Raising awareness of data leaks on smartphones
Today’s smartphone applications expect users to make decisions about what information they are willing to share, but fail to provide sufficient feedback about which privacy sensitive information is leaving the phone, as well as how frequently and with which entities...
The relationship between job insecurity and accident under-reporting: A test in two countries
While the issue of under-reporting accidents is becoming more acknowledged in literature, there is less understanding regarding the work environment factors that predict the severity of such under-reporting. This paper analyses data from 786 employees across 24 US...