1 - 4 of 4
ItemPhishing, Data-Disclosure and The Cognitive Reflection Test( 2022-01-04)Phishing is a form of online identity theft that aims to steal sensitive information such as passwords and credit card information from users. Data is key for the digital economy, but disclosing personal data online increases vulnerabilities and the likelihood of experiencing negative consequences from disclosure. In this paper, we analyze willingness to share personal data, a preference for an intuitive decision style and susceptibility to phishes. We report the results of three large-scale national studies in Norway that included the cognitive reflection test (CRT) and a choice experiment on willingness to share personal data. With a binary logistic regression method, we analyzed the relationship between the CRT, willingness to share data and demographical variables with susceptibility to phishes as the outcome variable. Our main finding is that the willingness to share personal data and an intuitive thinking style significantly predict the probability of falling for phish. These results are based on three large-scale studies with national populations, in contrast to earlier studies that in most cases relying on student populations, giving them greater validity.
ItemAutomated Measuring of Information Security Related Habits( 2022-01-04)Since the digital age requires interaction with digital services, the information security awareness (ISA) of everyone gets more important than ever. Since the ISA is defined as a set of aspects, it is not enough to increase the knowledge. This work focuses on the aspect of habits. Therefore, we used design science research to create an artifact which allows the automated measurement of habits. The automation can be achieved through a client-server application which tracks the behavior of employees in a GDPR-compliant way and calculates multiple metrics based on the tracked behavior. However, not all of the defined metrics are applicable in every company. Therefore, additional process iterations of the design science research methodology are required.
Item360 Degrees of Security: Can VR Increase the Sustainability of ISA Trainings?( 2022-01-04)What companies need are employees who have an appropriate level of information security awareness (ISA). This paper examined ways to increase existing ISA knowledge. The core of the work was to investigate the possibility of a more sustainable effect of knowledge enhancement in relation to ISA through virtual reality (VR). For this purpose, VR training and traditional video training were compared within a subject study. In order to create the most efficient video training possible, a qualitative literature research was first conducted on the topic of knowledge transfer in general. This was followed by the development of didactic guiding principles for an optimized learning video. Both training courses were then tested. Theoretically, a sustainable effect of increasing ISA knowledge through VR training has been proven. However, within the scope of the subject study, no sustainable increase in ISA knowledge can be proven through VR training in comparison to video training. Therefore, the didactic and immersive possibilities of VR technology need to be further explored in follow-up studies.