May 22, 2019 | Research
The present paper focuses on Cyber Security Awareness Campaigns, and aims to identify key factors regarding security which may lead them to failing to appropriately change people’s behaviour. Past and current efforts to improve information-security practices and...Oct 18, 2017 | Research
Background: We reflect on a methodology for developing scenario-based security behaviour surveys that evolved through deployment in two large partner organisations (A & B). In each organisation, scenarios are grounded in workplace tensions between security and...May 9, 2017 | Research
Usable security research to date has focused on making users more secure, by identifying and addressing usability issues that lead users to making mistakes, or by persuading users to pay attention to security and make secure choices.However, security goals were set by...Apr 29, 2017 | Research
Security managers define policies and procedures to express how employees should behave to ‘do their bit’ for information security. They assume these policies are compatible with the business processes and individual employees’ tasks as they know...Jun 22, 2016 | Research
Organisational security policies are often written without sufficiently taking in to account the goals and capabilities of the employees that must follow them. Effective security management requires that security managers are able to assess the effectiveness of their...