Enhancing security behaviour by supporting the user

Furnell, Steven; Khern-am-nuai, Warut; Esmael, Rawan; Yang, Weining; Li, Ninghui

doi:10.1016/j.cose.2018.01.016

Cited by 53 publications

(30 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…General Model: To propose a protection model, the following elements were taken from the references: the qualitative criteria of cyberattack were considered [24]; user behavior was considered for access control [29]; the criteria of levels of responsibility were adopted [37]; the application of security policies was considered [39]; [31] and the [36] use of phases for attack and response detection was considered.…”

Section: Methodology To Generate Resultsmentioning

confidence: 99%

“…The authors studied the maintenance and accompaniment in user safety; the experiment on social networks was with 60 participants in 5 scenarios; the e-commerce experiment evaluated the generation of passwords to classify security elections; password security control is less than 0.01 units; the control in the times of the change of password is 0.11 units; suggestion control is 0.17 units [29].…”

Section: Methodsmentioning

confidence: 99%

“…The articles reviewed and related cyberattacks in Latin America are: Are We Ready in Latin America and the Caribbean [5], Cyber Risks and Information Security in Latin America & Caribbean Trends [6], Data Breach Investigations Report [7], A cyber-attack on communication link in distributed systems and detection scheme based on H-infinity filtering [8], Cyber-Attack Features for Detecting Cyber Threat Incidents from Online News [9], A Novel Approach for Classification and Detection of DOS Attacks [10], Analysis of efficient processes for optimization in a distributed database [11], Biometric Systems Approach Applied to a Conceptual Model to Mitigate the Integrity of the Information [12], Cyberattacks on Devices Threaten Data and Patients [13], Assessing Mission Impact of Cyberattacks: Toward a Model-Driven Paradigm [14], A survey of iot-enabled cyberattacks: Assessing attack paths to critical infrastructures and services [15], Attacklets: Modeling high dimensionality in real world cyberattacks [16], Cyberattack Prediction Through Public Text Analysis and Mini-Theories [17], Deep learning approach for cyberattack detection [18], Cyberattack detection in mobile cloud computing: A deep learning approach [19], Adaptation of the neural network model to the identification of the cyberattacks type 'denial of service' [20], Cybercriminals, cyberattacks and cybercrime [21], Resource efficiency, privacy and security by design [22], A survey of similarities in banking malware behaviours [23], A new strategy for improving cyber-attacks evaluation in the context of Tallinn Manual [24], Evaluating practitioner cyber-security attack graph configuration preferences [25], Correlating human traits and cyber security behavior intentions [26], Record route IP traceback: Combating DoS attacks and the variants [27], Evaluating the applicability of the double system lens model to the analysis of phishing email judgments [28], Enhancing security behaviour by supporting the user [29], An Algorithm for Moderating DoS Attack in Web based Application [30], Impact of a DDoS attack on computer systems [31], How Secure are Web Se...…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Analysis of Cyberattacks in Public Organizations in Latin America

Toapanta¹,

Cobeña²,

Gallegos³

2020

Adv. sci. technol. eng. syst. j.

View full text Add to dashboard Cite

It was analyzed certain information about cyberattacks in Latin America and methods to counteract the aggressions that affect services, data and infrastructure. The problem is the cyberattack on information networks where there is interdependence between processes, people and devices within public organizations with the negative consequence of denial of services. The objective is to propose a protection model against cyberattacks in public organizations in Latin America to minimize the denial of public services. It was applied the deductive method and exploration to examine the information of cited articles. It resulted a General Model of Protection against Attacks, a Prototype of a network, a Algorithm in flowchart to minimize the attack arrival and a Formula of probability of attack arrival. It was concluded that in order to maintain the continuity of services and activities of public organizations, secure platforms must be in place to monitor and minimize possible attacks; our proposal has an attack detection accuracy of 87.49%.

show abstract

Section: Methodology To Generate Resultsmentioning

confidence: 99%

Section: Methodsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Analysis of Cyberattacks in Public Organizations in Latin America

Toapanta¹,

Cobeña²,

Gallegos³

2020

Adv. sci. technol. eng. syst. j.

View full text Add to dashboard Cite

show abstract

“…In order to test the effect of guidance and feedback, a practical experiment was conducted in which a group of users were asked to perform a task involving password selection, but with differing levels of guidance and feedback to support them [16]. In order to ensure that the experiment was realistic, the participants were unaware that they were participating in a password-related study.…”

Section: Examining the Effect Of Guidance And Feedbackmentioning

confidence: 99%

Aligning Security Practice with Policy: Guiding and Nudging towards Better Behavior

Furnell¹,

Alotaibi²,

Esmael³

2019

Proceedings of the Annual Hawaii International Conference on System Sciences

Self Cite

View full text Add to dashboard Cite

Despite an abundance of policies being directed towards them, users often struggle to follow good cybersecurity practice. Recognizing that such behaviors do not come naturally, a logical approach is to ensure that users are guided and supported in knowing what to do and how to do it. Unfortunately, such support is often lacking. The paper uses the example of password authentication as a specific context in which cybersecurity behavior is frequently criticized, but where users are often left to manage without sufficient support (as evidenced by examining the lack of related guidance and enforcement of good practice on leading websites). The discussion then proceeds to look at the effect of actively supporting the user, drawing upon the results from two experimental studies (one looking at the practical impact of guidance and feedback upon users' password choices, and the other examining the effect of gamifying the password selection experience). The results collectively show that such efforts can have tangible positive effects upon user behaviors. While the specific findings are focused upon passwords, similar principles could also be applied to other aspects of user-facing security.

show abstract

“…Despite this, the information security community does not have a thorough understanding of what constitutes a human error and often resorts to general basic awareness or training on information security following an incident rather than dealing with the causal factors (Mahfuth et al, 2017). Current practices fall regularly short of identifying the actual root cause of human error related information security incidents even though people are recognized as being the weakest link in information security controls (Metalidou et al, 2014;Halevi et al, 2017;Mahfuth et al, 2017;Parsons et al, 2017;Furnell et al, 2018). There are also no established human error information security frameworks in practice to enable not only effective resolution of human error related information security incidents but also the prevention of these events.…”

Section: Introductionmentioning

confidence: 99%

Published incidents and their proportions of human error

Evans

Yevseyeva

et al. 2019

ICS

View full text Add to dashboard Cite

Purpose This paper aims to provide an understanding of the proportions of incidents that relate to human error. The information security field experiences a continuous stream of information security incidents and breaches, which are publicised by the media, public bodies and regulators. Despite the need for information security practices being recognised and in existence for some time, the underlying general information security affecting tasks and causes of these incidents and breaches are not consistently understood, particularly with regard to human error. Design/methodology/approach This paper analyses recent published incidents and breaches to establish the proportions of human error and where possible subsequently uses the HEART (human error assessment and reduction technique) human reliability analysis technique, which is established within the safety field. Findings This analysis provides an understanding of the proportions of incidents and breaches that relate to human error, as well as the common types of tasks that result in these incidents and breaches through adoption of methods applied within the safety field. Originality/value This research provides original contribution to knowledge through the analysis of recent public sector information security incidents and breaches to understand the proportions that relate to human error.

show abstract

Enhancing security behaviour by supporting the user

Cited by 53 publications

References 26 publications

Analysis of Cyberattacks in Public Organizations in Latin America

Analysis of Cyberattacks in Public Organizations in Latin America

Aligning Security Practice with Policy: Guiding and Nudging towards Better Behavior

Published incidents and their proportions of human error

Contact Info

Product

Resources

About