From Weakest Link to Security Hero: Transforming Staff Security Behavior

Pfleeger, Shari Lawrence; Sasse, M. Angela; Furnham, Adrian

doi:10.1515/jhsem-2014-0035

Cited by 75 publications

(31 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…One possible approach is to bridge some of the shortcomings in some of the systems discussed above by developing more hybrid approaches that aim to remove the current security and usability shortcomings. Hence, we suggest a more user centric approach to security by providing a system that can effectively mitigate the security issues that relate to user behaviour, while still providing good usability [76,77,78]. The success of such systems will guarantee that organisations do not have to worry about what legitimate system users might do to jeopardize the security of their accounts or the entire system.…”

Section: Discussionmentioning

confidence: 99%

Security and User Interface Usability of Graphical Authentication Systems – A Review

Suru¹,

Murano²

2019

IJCTT

View full text Add to dashboard Cite

Alphanumeric text and PINs continue to be the dominant authentication methods in spite of the numerous concerns by security researchers of their inability to properly address usability and security flaws and to effectively combine usability and security. These flaws have, however, contributed to the growing research interest in the development and use of graphical authentication systems as alternatives to text based systems. Graphical passwords or graphical authentication systems are password systems that use images rather than characters or numbers in user authentication. In spite of the growing acceptance of graphical passwords, empirical studies have shown that graphical authentication systems have also inherited some of the flaws of text-based passwords. These flaws include predictability, vulnerability to observational attacks and the inability of systems to efficiently combine security with usability. Hence, there is a continued quest to find a "system" that has both strong usability and strong security. This paper is a detailed review of the current state of research into graphical authentication systems. The paper considers in detail some of the mechanisms used in graphical authentication, along with the flaws and strengths of each. The paper also concludes with some suggested ways forward.

show abstract

Section: Discussionmentioning

confidence: 99%

Security and User Interface Usability of Graphical Authentication Systems – A Review

Suru¹,

Murano²

2019

IJCTT

View full text Add to dashboard Cite

show abstract

“…This means that most knowledgeable employees would probably consider all risks before implementing the change and be more cautious in their decisions. Finally, most security precautions require some investment of time—a valuable commodity in today's business world—and the additional steps required to meet security standards do not just require knowledge of the processes but also willingness to spend the time running those processes (Pfleeger, Sasse, & Furnham, ).…”

Section: Discussionmentioning

confidence: 99%

Securing the human: Employee security vulnerability risk in organizational settings

Sebescen

Vitak

2017

Asso for Info Science & Tech

View full text Add to dashboard Cite

As organizational security breaches increase, so too does the need to fully understand the human factors that lead to these breaches and take the necessary steps to minimize threats. The present study evaluates how three sets of employee characteristics (demographic, company-specific, and skills-based) predict an employee's likelihood of becoming a security breach victim. In order to move beyond traditional evaluations of security threats, which generally consider security threats individually, analyses in this paper approach security vulnerability from a more holistic approach to analyze four risk categories concurrently: phishing, passwords, bring your own device (BYOD), and company-supplied laptops. Findings from a survey of 250 employees at a medium-sized American information technology (IT) consulting firm identify higher-risk employees across the four risk areas and provide new insights into the challenges organizations face when trying to ensure the protection of company data.

show abstract

“…It is normally taken for granted that employees within the field of IT have to be highly trained and experienced in the technology and its tools. This experience would not be valid or useful unless those employees enjoy a high level of awareness regarding the importance of security, protection, and technological hazards that accompany IT-based organizations (Pfleeger, Sasse, & Furnham, 2014).…”

Section: Literature Reviewmentioning

confidence: 99%

Cyber-security effect on organizational internal process: mediating role of technological infrastructure

Kilani

2020

Problems and Perspectives in Management

View full text Add to dashboard Cite

Adopting the technologies among organizations comes with the continuous worries of protection and hacking. The idea of cyber-security has become over the years the main interest of many organizations, which depend on technologies in its operations, which requires them to pay extra attention to their technological infrastructure. The current study aims at examining the influence of cyber-security forces on organizational internal operations and the role of technological infrastructure in defining and controlling the level of protection that cyber-security has on organizational internal processes. Quantitative approach was adopted, and a questionnaire was utilized to collect the data from a convenient sample of 360 software engineers, network engineers, software testers, web developers, and technical support using a structured survey questionnaire, and analyzed using SPSS version 21. The results confirmed that cyber-security motivators (data growth, technology expansion, access to required resources, operational control, and technical control) indirectly affect solid internal processes that are attributed to the consistency of technological infrastructure in an organization. The variable of ‘data growth’ appeared to be the most influential motivator on cyber-security strategies, as it scored a mean of 4.2661, which is the highest among all adopted variables and followed by the variable of ‘technical control’, which scored a mean of 4.1296. Accordingly, the study recommends that organizations should consider IT infrastructure as a main item within their risk management strategies to avoid unpredicted risks and attacks.

show abstract

From Weakest Link to Security Hero: Transforming Staff Security Behavior

Cited by 75 publications

References 25 publications

Security and User Interface Usability of Graphical Authentication Systems – A Review

Security and User Interface Usability of Graphical Authentication Systems – A Review

Securing the human: Employee security vulnerability risk in organizational settings

Cyber-security effect on organizational internal process: mediating role of technological infrastructure

Contact Info

Product

Resources

About