Future directions for behavioral information security research

Crossler, Robert E.; Johnston, Allen C.; Lowry, Paul Benjamin; Hu, Qing; Warkentin, Merrill; Baskerville, Richard

doi:10.1016/j.cose.2012.09.010

Cited by 496 publications

(344 citation statements)

References 72 publications

Supporting

Mentioning

314

Contrasting

Unclassified

Order By: Relevance

“…Beyond the financial impact [4], a cyber-attack may, for example, cause irreparable damage to a firm in the form of corporate liability [5], a weakened competitive position, and loss of credibility [6].…”

Section: Introductionmentioning

confidence: 99%

Decision Making and Biases in Cybersecurity Capability Development: Evidence from a Simulation Game Experiment

2017

View full text Add to dashboard Cite

Abstract:We developed a simulation game to study how well decision makers understand two fundamental aspects of complexity in cybersecurity: potential delays in building capabilities, and uncertainties in predicting cyber-incidents. Analyzing 1,479 simulation runs, we compared the performances of a group of experienced professionals to an inexperienced control group. Experienced subjects did not understand the mechanisms of delays any better than inexperienced subjects. Both groups also exhibited similar errors when dealing with the uncertainty of cyber-incidents. Our findings highlight the importance of training for decision-makers, and lay the groundwork for future research in uncovering mental biases about the complexities of cybersecurity.

show abstract

Section: Introductionmentioning

confidence: 99%

Decision Making and Biases in Cybersecurity Capability Development: Evidence from a Simulation Game Experiment

2017

View full text Add to dashboard Cite

show abstract

“…42,43]. However, BI may not always lead to actual behaviors [44]. Indeed, several studies suggest that, in an information security context, it is better and more realistic to measure actual behaviors rather than intentions [44][45][46].…”

Section: Relationship Between Behavior Intention (Bi) and Actual Behamentioning

confidence: 99%

Effects of Color Appeal, Perceived Risk and Culture on Users Decision in Presence of Warning Banner Message

Silic

Cyr

Bäck

et al. 2017

Proceedings of the 50th Hawaii International Conference on System Sciences (2017)

View full text Add to dashboard Cite

show abstract

“…Indeed, users often feel overwhelmed with how to control others' access to their personal information [19]. This is crucial because citizens' understanding of information security and privacy threats, and knowledge of the tools they can use to protect themselves, are necessary to provide a more secure society, particularly since individuals are the weakest link in security [12] and the last line of defense in information privacy [20].…”

Section: Background and Theoretical Foundationsmentioning

confidence: 99%

“…Disclosure of information, even voluntary, is not only an information privacy issue but also an information security issue. Information security refers to individuals protecting themselves against threats to their information assets [12], while information privacy is viewed as an individual's ability to control information about themselves [e.g., 13,14,15]. Today's smartphones are typically set up with complex information security and privacy settings, with many default settings often set to give away most information.…”

Section: Background and Theoretical Foundationsmentioning

confidence: 99%

“…In the mobile environment, protecting an individual's information security and/or privacy requires an actual behavior to be enacted. Prior research has suggested that intending to protect one's information privacy or security is not sufficient; one needs to actually use information protection practices to be protected [12] [76].…”

Section: The Mobile Privacy-security Knowledge Gap Modelmentioning

confidence: 99%

See 1 more Smart Citation

The Mobile Privacy-Security Knowledge Gap Model: Understanding Behaviors

Crossler¹

2017

Proceedings of the 50th Hawaii International Conference on System Sciences (2017)

Self Cite

View full text Add to dashboard Cite

show abstract

Future directions for behavioral information security research

Cited by 496 publications

References 72 publications

Decision Making and Biases in Cybersecurity Capability Development: Evidence from a Simulation Game Experiment

Decision Making and Biases in Cybersecurity Capability Development: Evidence from a Simulation Game Experiment

Effects of Color Appeal, Perceived Risk and Culture on Users Decision in Presence of Warning Banner Message

The Mobile Privacy-Security Knowledge Gap Model: Understanding Behaviors

Contact Info

Product

Resources

About

Future directions for behavioral information security research

Cited by 496 publications

References 72 publications

Decision Making and Biases in Cybersecurity Capability Development: Evidence from a Simulation Game Experiment

Decision Making and Biases in Cybersecurity Capability Development: Evidence from a Simulation Game Experiment

Effects of Color Appeal, Perceived Risk and Culture on Users Decision in Presence of Warning Banner Message

The Mobile Privacy-Security Knowledge Gap Model: Understanding Behaviors

Contact Info

Product

Resources

About

Effects of Color Appeal, Perceived Risk and Culture on Users Decision in Presence of Warning Banner Message