Cultural and psychological factors in cyber-security

Halevi, Tzipora; Memon, Nasir; Lewis, James A.; Kumaraguru, Ponnurangam; Arora, Sumit; Dagar, Nikita; Aloul, Fadi; Chen, Jay

doi:10.1145/3011141.3011165

Cited by 44 publications

(39 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…In addition, openness to experience had the highest level of relationship, whereas the extroversion had the lowest one. In the light of these findings about personality traits along with the supportive evidences from the literature, it can be deduced that individuals who are open to experience (McBride, Carter & Warkentin, 2012;McCormac et al, 2017), conscientious (Gratian et al, 2018;Halevi et al, 2016;McCormac et al, 2017), emotionally stable (McCormac et al, 2017), agreeable (McCormac et al, 2017 and extrovert (Gratian et al, 2018) perform cyber security behaviors in their daily lives in the more desired and acceptable level.…”

Section: Discussionmentioning

confidence: 91%

Öğrencilerin Siber Güvenlik Davranışlarının Beş Faktör Kişilik Özellikleri ve Çeşitli Diğer Değişkenlere Göre İncelenmesi

Yigit¹,

Seferoğlu²

2019

Mersin Üniversitesi Eğitim Fakültesi Dergisi

View full text Add to dashboard Cite

Öz: Bu çalışmanın amacı üniversite öğrencilerinin siber güvenlik davranışlarının beş faktör kişilik özellikleri ve cinsiyet, sınıf düzeyi, bölüm, bilişim güvenliği eğitimi alma durumu ve haftalık internet kullanım süresi değişkenlerine göre incelenmesidir. Çalışmaya farklı üniversite, bölüm ve sınıflardan 420 öğrenci katılmıştır. Verilerin toplanmasında Siber Güvenliği Sağlama Ölçeği, Beş Faktör Kişilik Özellikleri Ölçeği ve araştırmacılar tarafından geliştirilen Kişisel Bilgi Formu kullanılmıştır. Çalışma betimsel tarama modeline göre gerçekleştirilmiştir. Verilerin analizi Pearson korelasyon katsayısı, bağımsız örneklemler ttesti ve tek yönlü varyans analizi (ANOVA) gibi istatistiksel teknikler kullanılarak yapılmıştır. Çalışmadan elde edilen bulgular, öğrencilerin siber güvenlik davranış düzeylerinin kabul edilebilir bir seviyede olduğunu göstermiştir. Ayrıca öğrenciler kendilerini uyumlu, sorumlu ve deneyime açık kişiler olarak değerlendirirken, dışadönük ve nevrotik oldukları konusunda kararsız bir görüş bildirmişlerdir. Öğrencilerin siber güvenlik davranışları deneyime açıklık, sorumluluk, uyumluluk, nevrotiklik ve dışadönüklük olmak üzere tüm beş faktör kişilik boyutlarıyla anlamlı bir ilişki sergilediğini göstermiştir. Siber güvenlik davranışlarıyla en güçlü ilişkiye deneyime açıklık, en zayıf ilişkiye ise dışadönüklük kişilik özelliklerinin sahip olduğu tespit edilmiştir. Bunlara ek olarak, BÖTE ve bilgisayar programcılığı öğrencilerinin, sınıf düzeyi açısından 3. ve 4. sınıf öğrencilerinin, bilişim güvenliği eğitimi almış olan öğrencilerin ve haftalık 6-10 saat arası internet kullanan öğrencilerin siber güvenlik davranış düzeyleri bakımından daha yeterli oldukları bulunmuştur. Çalışma sonunda, ulaşılan bulgular ışığında siber güvenlik eğitimlerine ağırlık verilmesi ve öğrencilerin kişilik özelliklerinin bu eğitimlerde dikkate alınması önerilmiştir.

show abstract

Section: Discussionmentioning

confidence: 91%

Öğrencilerin Siber Güvenlik Davranışlarının Beş Faktör Kişilik Özellikleri ve Çeşitli Diğer Değişkenlere Göre İncelenmesi

Yigit¹,

Seferoğlu²

2019

Mersin Üniversitesi Eğitim Fakültesi Dergisi

View full text Add to dashboard Cite

show abstract

“…Halevi et al ( 2013 ) find that high neuroticism increases responses to prize phishing messages and that individuals with a high openness have low security setting on social media account, increasing their exposures to privacy attacks. Halevi et al ( 2016 ) find that personality traits affect security attitudes and behaviors as follows: high conscientiousness is associated to highly secure behaviors but does not affect self-efficacy (i.e., one's ability in independently resolving computer security issues); high openness is associated to high self-efficacy; high neuroticism is associated to low self-efficacy; and high emotional stability (inverse of neuroticism) is associated to high self-efficacy. Cho et al ( 2016 ) contradict some of the findings presented in Halevi et al ( 2013 ), by finding that high neuroticism decreases trust and increases risk perception, which makes one more likely to misclassify benign emails as phishing ones.…”

Section: Victim Cognition Through the Lens Of Social Engineering Cmentioning

confidence: 99%

“…Wright and Marett ( 2010 ) find (i) a combination of knowledge and training is effective against phishing attacks; (ii) individuals with a lower self-efficacy (i.e., one's ability to manage unexpected events) and web experience are more likely to fall victims to social engineering cyberattacks; and (iii) individuals with high self-efficacy are less likely to comply with information requests presented in phishing attacks. Halevi et al ( 2016 ) find that a high self-efficacy correlates a better capability to respond to security incidents. Arachchilage and Love ( 2014 ) find that self-efficacy, when combined with knowledge about phishing attacks, can lead to effective strategies for coping with phishing attacks.…”

Section: Victim Cognition Through the Lens Of Social Engineering Cmentioning

confidence: 99%

“…Redmiles et al ( 2018 ) suggest that country/communal norms might affect spam consumption as follows: in countries where spam is more prevalent, users are 59% less likely to click on spam when compared to countries where spam is less prevalent. Halevi et al ( 2016 ) find that individuals with higher risk perception have higher privacy attitudes, which reduce the susceptibility to social engineering cyberattacks. Al-Hamar et al ( 2010 ) perform experimental spear-phishing attacks against two groups from Qatar, where one group consists of 129 employees of a company (dubbed employees ) and the other of 30 personal acquaintances (dubbed friends ); they find that find that 44% of the individuals in the employees group are successfully phished while 57% of the friends groups are successfully phished.…”

Section: Victim Cognition Through the Lens Of Social Engineering Cmentioning

confidence: 99%

See 1 more Smart Citation

Human Cognition Through the Lens of Social Engineering Cyberattacks

Montañez

Golob

2020

Front. Psychol.

View full text Add to dashboard Cite

Social engineering cyberattacks are a major threat because they often prelude sophisticated and devastating cyberattacks. Social engineering cyberattacks are a kind of psychological attack that exploits weaknesses in human cognitive functions. Adequate defense against social engineering cyberattacks requires a deeper understanding of what aspects of human cognition are exploited by these cyberattacks, why humans are susceptible to these cyberattacks, and how we can minimize or at least mitigate their damage. These questions have received some amount of attention, but the state-of-the-art understanding is superficial and scattered in the literature. In this paper, we review human cognition through the lens of social engineering cyberattacks. Then, we propose an extended framework of human cognitive functions to accommodate social engineering cyberattacks. We cast existing studies on various aspects of social engineering cyberattacks into the extended framework, while drawing a number of insights that represent the current understanding and shed light on future research directions. The extended framework might inspire future research endeavor toward a new sub-field that can be called Cybersecurity Cognitive Psychology , which tailors or adapts principles of Cognitive Psychology to the cybersecurity domain while embracing new notions and concepts that are unique to the cybersecurity domain.

show abstract

“…Despite this, the information security community does not have a thorough understanding of what constitutes a human error and often resorts to general basic awareness or training on information security following an incident rather than dealing with the causal factors (Mahfuth et al, 2017). Current practices fall regularly short of identifying the actual root cause of human error related information security incidents even though people are recognized as being the weakest link in information security controls (Metalidou et al, 2014;Halevi et al, 2017;Mahfuth et al, 2017;Parsons et al, 2017;Furnell et al, 2018). There are also no established human error information security frameworks in practice to enable not only effective resolution of human error related information security incidents but also the prevention of these events.…”

Section: Introductionmentioning

confidence: 99%

Published incidents and their proportions of human error

Evans

Yevseyeva

et al. 2019

ICS

View full text Add to dashboard Cite

Purpose This paper aims to provide an understanding of the proportions of incidents that relate to human error. The information security field experiences a continuous stream of information security incidents and breaches, which are publicised by the media, public bodies and regulators. Despite the need for information security practices being recognised and in existence for some time, the underlying general information security affecting tasks and causes of these incidents and breaches are not consistently understood, particularly with regard to human error. Design/methodology/approach This paper analyses recent published incidents and breaches to establish the proportions of human error and where possible subsequently uses the HEART (human error assessment and reduction technique) human reliability analysis technique, which is established within the safety field. Findings This analysis provides an understanding of the proportions of incidents and breaches that relate to human error, as well as the common types of tasks that result in these incidents and breaches through adoption of methods applied within the safety field. Originality/value This research provides original contribution to knowledge through the analysis of recent public sector information security incidents and breaches to understand the proportions that relate to human error.

show abstract

Cultural and psychological factors in cyber-security

Cited by 44 publications

References 12 publications

Öğrencilerin Siber Güvenlik Davranışlarının Beş Faktör Kişilik Özellikleri ve Çeşitli Diğer Değişkenlere Göre İncelenmesi

Öğrencilerin Siber Güvenlik Davranışlarının Beş Faktör Kişilik Özellikleri ve Çeşitli Diğer Değişkenlere Göre İncelenmesi

Human Cognition Through the Lens of Social Engineering Cyberattacks

Published incidents and their proportions of human error

Contact Info

Product

Resources

About