Privacy and human behavior in the age of information

This review summarizes and draws connections between diverse streams of empirical research on privacy behavior. We use three themes to connect insights from social and behavioral sciences: people’s uncertainty about the consequences of privacy-related behaviors and...

Writing down your password: Does it help?

Users are able to remember their phone numbers and postal codes, their student numbers, PIN numbers, and social insurance numbers. Why, then, do users have trouble remembering their passwords? This paper considers the hypothesis that being able to access written notes...

Information security policies: a content analysis

Among information security controls, the literature gives a central role to information security policies. However, there is a reduced number of empirical studies about the features and components of information security policies. This research aims to contribute to...

Security Policy Compliance: User Acceptance Perspective

Information security policy compliance is one of the key concerns that face organizations today. Although, technical and procedural security measures help improve information security, there is an increased need to accommodate human, social and organizational factors....

Using and managing multiple passwords: A week to a view

Security policies are required that protect information from unauthorised access, and also respect challenges users face in creating, and particularly managing, increasing numbers of passwords. This paper investigates real password use in the context of daily life. It...

The antecedents of information security policy compliance

Information security is one of the major challenges for organizations that critically depend on information systems to conduct their businesses. Ensuring safety of information and technology resources has become the top priority for many organizations since the...

Phishing IQ Tests Measure Fear, Not Ability

We argue that phishing IQ tests fail to measure susceptibility to phishing attacks. We conducted a study where 40 subjects were asked to answer a selection of questions from existing phishing IQ tests in which we varied the portion (from 25% to 100%) of the questions...