Rewind
All the content from last year’s PeepSec, Impact and flagship industry events
The persuasive influence of emotion in cancer prevention and detection messages
This paper reviews literature on the relationship between emotion and persuasion, with a focus on how the relationship might be harnessed to persuade people to both check for and take actions to prevent cancer. It suggests messages should select a particular emotion...
Why phishing works
Researchers exploring why phishing continues to fool people asked 22 people to categorise 20 websites as either fraudulent or legitimate. They found 23% of participants did not look at browser-based security cues, leading to incorrect choices 40% of the time. They...
A framework for understanding trust factors in web-based health advice
Researchers present a framework for understanding what it is that makes people either accept or reject health advice offered online. An experiment suggests credibility of information and personalisation of content predict acceptance of advice, whereas design appeal...
Identity fraud: What about the victim?
This study assesses the impact of identity fraud on victims, finding: victims' identities were most likely to have been used to apply for a store card, credit card and/or mobile phone account; that 14 per cent of victims lost money from personal accounts or credit...
Assessing end-user awareness of social engineering and phishing
This experiment revolved around a web-based survey, which presented a mix of 20 legitimate and illegitimate emails to participants. Researchers asked participants to classify emails as either legitimate or illegitimate and explain their rationale. The 179 participants...
Risk communication, risk perception and information security
This paper puts forward the view that an individuals perception of the risks associated with information systems determines the likelihood and extent to which she or he will engage in risk taking behaviour when using a computer. It is suggested that this behavior can...
Don’t be a phish : Steps in user education
Phishing, e-mails sent out by hackers to lure unsuspecting victims into giving up confidential information, has been the cause of countless security breaches and has experienced in the last year an increase in frequency and diversity. While regular phishing attacks...
A comparison of perceived and real shoulder-surfing risks between alphanumeric and graphical passwords
Previous research has found graphical passwords to be more memorable than non-dictionary or "strong" alphanumeric passwords. Participants in a prior study expressed concerns that this increase in memorability could also lead to an increased susceptibility of graphical...
A socio-behavioral study of home computer users’ intention to practice security
Home computer users play a crucial role in securing the cyberspace, but the protection of home computers is left to the initiative of the users. In this study, we focus on the sociobehavioral perspective, as the behavior of home computer users on security issues is...
Usable security: Why do we need it? How do we get it?
Commonly, individuals are referred to as "the most fragile component" in the structure of system security by security specialists. Notorious hacker Kevin Mitnick stated that he seldom resorted to password cracking, finding it much easier to trick individuals into...
The insider threat to information systems and the effectiveness of ISO17799
Insider threat is widely recognised as an issue of utmost importance for IS security management. In this paper, we investigate the approach followed by ISO17799, the dominant standard in IS security management, in addressing this type of threat. We unfold the...
Protecting users against phishing attacks with AntiPhish
Phishing is a form of online identity theft that aims to steal sensitive information such as online banking passwords and credit card information from users. Phishing scams have been receiving extensive press coverage because such attacks have been escalating in...
An application of deterrence theory to software piracy
Although the research on software piracy is growing, criminologists have not examined the role of deterrence in software piracy. Using data collected from 382 undergraduate students attending a southeastern university, this study examined the role of deterrence in...
Analysis of end user security behaviors
This article outlines the process of developing a taxonomy of end user security-related behaviors, testing its consistency, and using it to conduct a U.S. survey on key end user behaviors. The study involved interviewing 110 individuals knowledgeable about end user...
Cross-cultural differences in relationship- and group-based trust
This study suggests Japanese and American people exhibit trust based on different things as the existence of a potential indirect relationship increased trust of outgroup members more for Japanese people than for Americans.
Moral psychology and information ethics: Psychological distance and the components of oral action in a digital world
This paper suggests technology can create a psychological distance between users that impacts four components of moral behaviour (sensitivity, judgment, motivation, and action). According to the paper, the psychological distance facilitates crimes like piracy and...
Positive emotions broaden the scope of attention and thought-action repertoires
This study found positive emotions increase attention and encouraged new thoughts and actions, and that negative emotions discouraged new thoughts and actions. The findings are in accordance with broaden-and-build theory.
Do information security policies reduce the incidence of security breaches: An exploratory analysis.
Information is a critical corporate asset, which has become increasingly vulnerable to attacks from viruses, hackers, criminals and human error. Consequently, organizations are having to prioritise the security of their computer systems, to ensure that their...
Computer security and risky computing practices: A rational choice perspective
Despite rapid technological advances in computer hardware and software, insecure behavior by individual computer users continues to be a significant source of direct cost and productivity loss. Why do individuals, many of whom are aware of the possible grave...
Managing the unexpected
What makes some organisations more reliable than others? The authors of Managing the Unexpected believe the answer lies in the differences in behaviours and learning styles of highly reliable organisations and organisations that are relatively unreliable. This book...
Bridging the gap between organisational and user perspectives of security in the clinical domain
An understanding of ‘communities of practice’ can help to make sense of existing security and privacy issues within organizations; the same understanding can be used proactively to help bridge the gap between organizational and end-user perspectives on these matters....