NoPhish App Evaluation: Lab and Retention Study

Phishing is a prevalent issue of today’s Internet. Previous approaches to counter phishing do not draw on a crucial factor to combat the threat – the users themselves. We believe user education about the dangers of the Internet is a further key strategy to...

Effects of cyber security knowledge on attack detection

Ensuring cyber security is a complex task that relies on domain knowledge and requires cognitive abilities to determine possible threats from large amounts of network data. This study investigates how knowledge in network operations and information security influence...

More Is Not the Answer

In this paper we explore why progress has been slow and examine several possible directions. First, the scale and diversity of the web makes one-size fits all approaches hard. Second, the competition for user attention is fierce: there are no pools of unexploited user...

Writing down your password: Does it help?

Users are able to remember their phone numbers and postal codes, their student numbers, PIN numbers, and social insurance numbers. Why, then, do users have trouble remembering their passwords? This paper considers the hypothesis that being able to access written notes...

Contextualized Web warnings, and how they cause distrust

Current warnings in Web browsers are difficult to understand for lay users. We address this problem through more concrete warning content by contextualizing the warning – for example, taking the user’s current intention into account in order to name concrete...

Targeted Risk Communication for Computer Security

Attacks on computer systems are rapidly becoming more numerous and more sophisticated, and current preventive techniques do not seem able to keep pace. Many successful attacks can be attributed to user errors: for example, while focused on other tasks, users may...

Modifying Smartphone User Locking Behavior

With an increasing number of organizations allowing personal smart phones onto their networks, considerable security risk is introduced. The security risk is exacerbated by the tremendous heterogeneity of the personal mobile devices and their respective installed pool...

Cyber Security Games: A New Line of Risk

Behaviour change is difficult to achieve and there are many models identifying the factors to affect such change but few have been applied in the security domain. This paper discusses the use of serious games to improve the security behaviour of end-users. A new...

Security Policy Compliance: User Acceptance Perspective

Information security policy compliance is one of the key concerns that face organizations today. Although, technical and procedural security measures help improve information security, there is an increased need to accommodate human, social and organizational factors....

Scare tactics – A viable weapon in the security war?

End users are frequently criticised as the sources of bad security practice, and it is suggested they might take the issue more seriously if they experienced a breach. An option for enabling this would be for security administrators to deliberately create conditions...

Phishing IQ Tests Measure Fear, Not Ability

We argue that phishing IQ tests fail to measure susceptibility to phishing attacks. We conducted a study where 40 subjects were asked to answer a selection of questions from existing phishing IQ tests in which we varied the portion (from 25% to 100%) of the questions...

Protecting Users Against Phishing Attacks with AntiPhish

Phishing is a form of online identity theft that aims to steal sensitive information such as online banking passwords and credit card information from users. Phishing scams have been receiving extensive press coverage because such attacks have been escalating in...

An application of deterrence theory to software piracy

Although the research on software piracy is growing, criminologists have not examined the role of deterrence in software piracy. Using data collected from 382 undergraduate students attending a southeastern university, this study examined the role of deterrence in...