International Conference on Human Aspects of Information Security, Privacy, and Trust

HAS 2013: Human Aspects of Information Security, Privacy, and Trust, pp 176–185

Perception of Risky Security Behaviour by Users: Survey of Current Approaches


  • Lynsay A. Shepherd
  • Jacqueline Archibald
  • R. I. Ferguson

Part of the Lecture Notes in Computer Science book series (LNISA, volume 8030)

Abstract

What constitutes risky security behaviour is not necessarily obvious to users and, as a consequence, end-user devices could be vulnerable to compromise. This paper seeks to lay the groundwork for a project to provide instant warning via automatic recognition of risky behaviour. It examines three aspects of the problem: behaviour taxonomy, techniques for its monitoring and recognition, and means of giving appropriate feedback. Consideration is given to a way of quantifying the perception of risk a user may have. An ongoing project is described in which the three aspects are being combined in an attempt to better educate users about the risks and consequences of poor security behaviour. The paper concludes that affective feedback may be an appropriate method for interacting with users in a browser-based environment.

Keywords

  • End-user security behaviours
  • usable security
  • affective computing
  • user monitoring techniques
  • user feedback
  • risk perception
  • security awareness



Author information

Authors and Affiliations

  1. School of Engineering, Computing and Applied Mathematics, University of Abertay Dundee, Dundee, DD1 1HG, UK

    Lynsay A. Shepherd, Jacqueline Archibald & R. I. Ferguson


Editor information

Editors and Affiliations

  1. Science and Technology Park of Crete, ENISA - European Network and Information Security Agency, Vassilika Vouton, 70013, Heraklion, Crete, Greece

    Louis Marinos

  2. Institute of Computer Science (ICS), Telecommunications and Networks Laboratory (TNL), Foundation for Research and Technology - Hellas (FORTH), N. Plastira 100, Vassilika Vouton, 70013, Heraklion, Crete, Greece

    Ioannis Askoxylakis


Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Shepherd, L.A., Archibald, J., Ferguson, R.I. (2013). Perception of Risky Security Behaviour by Users: Survey of Current Approaches. In: Marinos, L., Askoxylakis, I. (eds) Human Aspects of Information Security, Privacy, and Trust. HAS 2013. Lecture Notes in Computer Science, vol 8030. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-39345-7_19

  • DOI: https://doi.org/10.1007/978-3-642-39345-7_19

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-39344-0

  • Online ISBN: 978-3-642-39345-7

  • eBook Packages: Computer Science, Computer Science (R0)
