Rewind
All the content from last year’s PeepSec, Impact and flagship industry events
Assessing the security perceptions of personal internet users
Personal Internet users are increasingly finding themselves exposed to security threats during their use of home PC systems. However, concern can be raised about users’ awareness of these problems, and the extent to which they are consequently protected and equipped...
Phishing: Can we spot the signs?
Dr Steven Furnell at Plymouth University has conducted research, which looks at why some computer users still can't tell the difference between an official email and a phishing scam. Steven Furnell looks at the increasing sophistication of phishing emails and examines...
Fear appeal messages affect accessibility of attitudes toward the threat and adaptive behaviorss
Fear appeals have long been used in persuasive messages to motivate people to perform adaptive behaviors. This research explored the influence of a fear appeal message concerning breast cancer on attitude accessibility. Messages advocating the efficacy of breast...
A video game for cyber security training and awareness
Although many of the concepts included in cyber security awareness training are universal, such training often must be tailored to address the policies and requirements of a particular organization. In addition, many forms of training fail because they are rote and do...
User security behavior on wireless networks: An empirical study
Wireless networks are rapidly becoming ubiquitous but are often insecure and leave users responsible for their own security. We empirically study whether users are successfully securing their client computers when using wireless networks. Automated techniques are used...
Human vulnerabilities in security systems
This whitepaper discusses human vulnerabilities in full, including what they are, why they occur, how they can be mitigated, the challenges of mitigation and potential areas for further research.
What instills trust? A qualitative study of phishing
A paper on the factors that make phishing emails and web pages appear authentic and on the factors that make legitamate content appear dubious. Authors draw nine conclusions.
Improving security decisions with polymorphic and audited dialogs
Context-sensitive guidance (CSG) can help users make better security decisions. Applications with CSG ask the user to provide relevant context information. Based on such information, these applications then decide or suggest an appropriate course of action. However,...
Email end users and spam: Relations of gender and age group to attitudes and actions
As the problem of spam email increases, we examined users’ attitudes toward and experience with spam as a function of gender and age. College-age, working-age, and retirement-age men and women were surveyed. Most respondents strongly disliked receiving spam yet took...
Phishing IQ tests measure fear, not ability
We argue that phishing IQ tests fail to measure susceptibility to phishing attacks. We conducted a study where 40 subjects were asked to answer a selection of questions from existing phishing IQ tests in which we varied the portion (from 25% to 100%) of the questions...
Genre, narrative and the “Nigerian Letter” in electronic mail
This paper analyses 111 'Nigerian' emails, concluding typical emails draw on a predictable form, purpose and tone designed to appeal to greed, charity, heroism, and other powerful and compelling emotions, and thus trick victims.
Social psychological factors in lifestyle change and their relevance to policy
This article examines the social psychological theories and research that can be used to design better behaviour interventions. Although the paper focuses on health, the review could be applied in a wide variety of contexts – cyber security included.
Impeding ecological sustainability through selective moral disengagement
This paper discusses moral disengagement, with an emphasis on how moral disengagement impedes ecological sustainability. The author notes moral disengagement comes about through: exonerative comparisons that render detrimental practices as righteous; the use of...
Which factors explain employees’ adherence to information security policies? An empirical study
It is widely agreed that a key threat to information security is caused by careless employees who do not adhere to the information security policies of their organizations. In order to ensure that employees comply with the organization’s information security...
Deceit and deception: A large user study of phishing
This study is a large scale investigation of trust manipulation tactics used by phishing web sites and email messages. The experiment focuses on media authenticity evaluations, rather than content credibility with the assumption that its authors are known. It tests...
Investigating the concept of information security culture
The concept of an 'information security culture' is relatively new. A review of published research on the topic suggests that it is not the information security panacea that has been suggested. Instead it tends to refer to a range of existing techniques for addressing...
Factors influencing protection motivation and IS security policy compliance
The key threat to IS security is constituted by careless employees who do not comply with IS security policies. To ensure that employees comply with organizations' IS security procedures, a number of IS security policy compliance means have been proposed in the past....
Cultivating an organizational information security culture
This paper emphasizes that an information security solution is a crucial element for any organization. One of the main challenges in integrating information security into an organization is the actions and behaviors of employees. For information security to become...
Decision strategies and susceptibility to phishing
This study reports on what everday user do when they come across suspicious emails. An analysis suggests people can manage risks they're familiar with but are unable to extrapolate their strategies to deal with unfamiliar risks.
Password management strategies for online accounts
Given the widespread use of password authentication in online correspondence, subscription services, and shopping, there is growing concern about identity theft. When people reuse their passwords across multiple accounts, they increase their vulnerability;...
Imagined communities: Awareness, information sharing, and privacy on the facebook
Online social networks such as Friendster, MySpace, or the Facebook have experienced exponential growth in membership in recent years. These networks offer attractive means for interaction and communication, but also raise privacy and security concerns. In this study...