Basing Cybersecurity Training on User Perceptions

Furman, Susanne M.; Theofanos, Mary F.; Choong, Yee‐Yin; Stanton, Brian

doi:10.1109/msp.2011.180

Cited by 48 publications

(33 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In the literature there are similar findings that people are more aware of privacy violations than of any other type of violations [47]. Few people mentioned specific aspects such as integrity and availability in a study into online security understanding [19]. In a study on connection security, people only considered confidentiality and encryption in their definitions [18].…”

Section: Explanation 1: No Privacy Awarenessmentioning

confidence: 93%

Why Doesn’t Jane Protect Her Privacy?

Renaud

Volkamer

Renkema-Padmos

2014

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. End-to-end encryption has been heralded by privacy and security researchers as an effective defence against dragnet surveillance, but there is no evidence of widespread end-user uptake. We argue that the non-adoption of end-toend encryption might not be entirely due to usability issues identified by Whitten and Tygar in their seminal paper "Why Johnny Can't Encrypt". Our investigation revealed a number of fundamental issues such as incomplete threat models, misaligned incentives, and a general absence of understanding of the email architecture. From our data and related research literature we found evidence of a number of potential explanations for the low uptake of end-to-end encryption. This suggests that merely increasing the availability and usability of encryption functionality in email clients will not automatically encourage increased deployment by email users. We shall have to focus, first, on building comprehensive end-user mental models related to email, and email security. We conclude by suggesting directions for future research.

show abstract

Section: Explanation 1: No Privacy Awarenessmentioning

confidence: 93%

Why Doesn’t Jane Protect Her Privacy?

Renaud

Volkamer

Renkema-Padmos

2014

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…This implies that e-mail users of all groups need additional education, frequent alerts and remainders regarding their risky behaviour caused by security awareness while using not only e-mail communication system, but also while using different ICT systems in everyday life. The correction of users' risky behaviour should be done by raising the users' information security awareness applying education and training [29][30][31].…”

Section: Discussionmentioning

confidence: 99%

Evidential Reasoning Approach to Behavioural Analysis of ICT Users’ Security Awareness

2018

View full text Add to dashboard Cite

Abstract:The role of ICT system's user should be taken into consideration when developing different information security solutions because user, as its constitutive element, can significantly affect overall system security with his/her potentially risky behaviour depending on the level of user's security awareness. In this paper authors propose risk assessment approach of ICT users' behaviour based on the evidential reasoning technique. Performance testing was compared using combination of cluster analysis and discriminant analysis while empirical analysis was conducted on the total of 627 e-mail users grouped regarding gender, age, technical background knowledge and level of experience. Assessment methodology used in this paper has proven to be well suited for evaluation of users' awareness and identification of their potentially risky behaviour. Results of empirical analysis showed that all groups of users got overall utility grade higher than the simulated "minimally enough aware" user, but less than "average awareness" grade. As users of all groups are highly critical towards collocutor, it can mean that users are quite aware about the importance of information security foundation, but also about lack of knowledge regarding different security issues. Another possible reason may be the users' negligence toward security guidelines and protocols.

show abstract

“…Work by Furman et al (2012) tried to understand users' mindset of online security by conducting in-depth interviews to identify correct perceptions, myths, and potential misconceptions. Participants were aware of and concerned with online and computer security but lacked a complete skill set to protect their computer systems, identities, and information online.…”

Section: Challenges / Willingness To Learnmentioning

confidence: 99%

Survey results on adults and cybersecurity education

2018

View full text Add to dashboard Cite

Cyberattacks and identity theft are common problems nowadays where researchers often say that humans are the weakest link the security chain. Therefore, this survey focused on analyzing the interest for adults for 'cyber threat eduction seminars', e.g., how to project themselves and their loved ones. Specifically, we asked questions to understand a possible audience, willingness for paying / time commitment, or fields of interest as well as background and previous training experience. The survey was conducted in late 2016 and taken by 233 participants. The results show that many are worried about cyber threats and about their children exploring the online domain. However, seminars do not seem to be a priority as many individuals were only willing to spend 1-1.5h on seminars.

show abstract

Basing Cybersecurity Training on User Perceptions

Cited by 48 publications

References 9 publications

Why Doesn’t Jane Protect Her Privacy?

Why Doesn’t Jane Protect Her Privacy?

Evidential Reasoning Approach to Behavioural Analysis of ICT Users’ Security Awareness

Survey results on adults and cybersecurity education

Contact Info

Product

Resources

About