Innovative Behavioral IS Security and Privacy Research

Permanent URI for this collection


Recent Submissions

Now showing 1 - 5 of 11
  • Item
    Traditional SETA No More: Investigating the Intersection Between Cybersecurity and Cognitive Neuroscience
    ( 2019-01-08) Zafar, Humayun ; Randolph, Adriane ; Gupta, Saurabh ; Hollingsworth, Carole
    We investigated the role automated behavior plays in contributing to security breaches. Using different forms of phishing, combined with multiple neurophysiological tools, we were able to more fully understand the approaches participants took when they engaged with a phishing campaign. The four participants of this pilot study ranged in their individual characteristics of gender and IT experience while controlling for age. It seems the biggest factor for awareness and successfully resisting a phishing campaign may be proximity of security training to engagement with that campaign. Neurophysiological tools helped illustrate the thought processes behind participants’ statements and actions; combined with consideration of individual characteristics, these tools help shed more light on human behavior. In the future, we plan to further enhance our testing environment by incorporating an emergent model that considers work task complexity and incorporate more industry participants with a range of IT experience.
  • Item
    Theory of Experiential Career Exploration Technology (TECET): Increasing cybersecurity career interest through playable case studies
    ( 2019-01-08) Giboney, Justin ; Hansen, Derek ; Mcdonald, Jason ; Jonathan, Balzotti, ; Tanner, Johnson ; Winters, Desiree ; Bonsignore, Elizabeth
    There is a large demand to fill cybersecurity jobs. To alleviate this need, it is important to generate interest in cybersecurity as a career. One way to do this is through job shadowing and internships. Using design science principles, we have built and tested a playable case study (PCS) where participants can act out a virtual internship and learn relevant cybersecurity skills. We ran a study with students in introductory university courses where they played through a simulated internship at a penetration testing company called CyberMatics. In the study we showed that a PCS format helps students 1) better understand what skills and traits are needed for, 2) more firmly decide whether to pursue, and 3) increase their confidence in their ability to succeed in a career in cybersecurity. Through this study we propose the Theory of Experiential Career Exploration Technology (TECET).
  • Item
    The Role of “Eyes of Others” in Security Violation Prevention: Measures and Constructs
    ( 2019-01-08) Farshadkhah, Sahar ; Stafford, Tom
    Security research recognizes the effect of “being seen” in reducing the likelihood of security violations in the workplace. This has typically been construed in the context of formal monitoring processes by employers, but there is an emerging notion that workers care about what their workplace colleagues think of them and their activities. We leverage this idea of the “Eyes of Others” in motivating pro-security behaviors to apply to security contexts. We find that, for a set of worker self-perceptions including Morality and Self-Consciousness, the likelihood of engaging in mundane workplace security violations is impacted by the knowledge that coworkers are watching. This has important implications for novel expansions of deterrence research in IS Security, going forward.
  • Item
    To Calculate or To Follow Others: How Do Information Security Managers Make Investment Decisions?
    ( 2019-01-08) Shao, Xiuyan ; Siponen, Mikko ; Pahnila, Seppo
    Economic models of information security investment suggest estimating cost and benefit to make an information security investment decision. However, the intangible nature of information security investment prevents managers from applying cost- benefit analysis in practice. Instead, information security managers may follow experts’ recommendations or the practices of other organizations. The present paper examines factors that influence information security managers’ investment decisions from the reputational herding perspective. The study was conducted using survey questionnaire data collected from 106 organizations in Finland. The findings of the study reveal that the ability and reputation of the security manager and the strength of the information about the security investment significantly motivate the security manager to discount his or her own information. Herding, as a following strategy, together with mandatory requirements are significant motivations for information security investment.
  • Item
    Protecting Privacy on Social Media: Is Consumer Privacy Self-Management Sufficient?
    ( 2019-01-08) Alsarkal, Yaqoub ; Zhang, Nan ; Xu, Heng