NoPhish App Evaluation: Lab and Retention Study

Phishing is a prevalent issue of today’s Internet. Previous approaches to counter phishing do not draw on a crucial factor to combat the threat – the users themselves. We believe user education about the dangers of the Internet is a further...

Effects of cyber security knowledge on attack detection

Ensuring cyber security is a complex task that relies on domain knowledge and requires cognitive abilities to determine possible threats from large amounts of network data. This study investigates how knowledge in network operations and...

Writing down your password: Does it help?

Users are able to remember their phone numbers and postal codes, their student numbers, PIN numbers, and social insurance numbers. Why, then, do users have trouble remembering their passwords? This paper considers the hypothesis that being able...

Contextualized Web warnings, and how they cause distrust

Current warnings in Web browsers are difficult to understand for lay users. We address this problem through more concrete warning content by contextualizing the warning – for example, taking the user’s current intention into account in order to...

Targeted Risk Communication for Computer Security

Attacks on computer systems are rapidly becoming more numerous and more sophisticated, and current preventive techniques do not seem able to keep pace. Many successful attacks can be attributed to user errors: for example, while focused on other...

Modifying Smartphone User Locking Behavior

With an increasing number of organizations allowing personal smart phones onto their networks, considerable security risk is introduced. The security risk is exacerbated by the tremendous heterogeneity of the personal mobile devices and their...

Cyber Security Games: A New Line of Risk

Behaviour change is difficult to achieve and there are many models identifying the factors to affect such change but few have been applied in the security domain. This paper discusses the use of serious games to improve the security behaviour of...

Security Policy Compliance: User Acceptance Perspective

Information security policy compliance is one of the key concerns that face organizations today. Although technical and procedural security measures help improve information security, there is an increased need to accommodate human, social and...

Phishing IQ Tests Measure Fear, Not Ability

We argue that phishing IQ tests fail to measure susceptibility to phishing attacks. We conducted a study where 40 subjects were asked to answer a selection of questions from existing phishing IQ tests in which we varied the portion (from 25% to...