ICT Systems Security and Privacy Protection : 31st IFIP TC 11 International Conference, SEC 2016, Ghent, Belgium, May 30 - June 1, 2016, Proceedings
Item does not contain fulltext
Influence of Information Overload on IT Security Behavior: A Theoretical Framework
IT systems in organizational processes demand a high level of security. The operational security of IT systems depends on end-user IT security behavior. The apparent importance of IT security requires that the end-users process and act on a multitude of IT security information and updates. Information overload (also known as infobesity, data smog, etc.), in its manifest combinatorial forms of sensory, cognitive and communication overloads, impacts the quality, speed and efficacy of decisions (Rogers, Puryear and Root, 2013). This research attempts to analyze the similar impact of plausible IT security information overload on the IT security behavior of organizational end-users. A hierarchical model of the impact of information overload on organizational end-users’ IT security behavior is proposed here. This research extends the literature of information overload in the area of information security and creates a framework for empirical validation of the theoretical underpinnings in the emerging area
The Effects of Group Discussion and Role-playing Training on Self-efficacy, Support-seeking, and Reporting Phishing Emails: Evidence from a Mixed-design Experiment
Peer reviewed. Organizations rely on phishing interventions to enhance employees' vigilance and safe responses to phishing emails that bypass technical solutions. While various resources are available to counteract phishing, studies emphasize the need for interactive and practical training approaches. To investigate the effectiveness of such an approach, we developed and delivered two anti-phishing trainings, group discussion and role-playing, at a European university. We conducted a pre-registered experiment (N = 105), incorporating repeated measures at three time points, a control group, and three in-situ phishing tests. Both trainings enhanced employees' antiphishing self-efficacy and support-seeking intention in within-group analyses. Only the role-playing training significantly improved support-seeking intention when compared to the control group.
U-AGR-6035 - IAS AES Anti-phishing - SCHILTZ Christin
The Role of the Adversary Model in Applied Security Research
Adversary models have been integral to the design of provably-secure cryptographic schemes or protocols. However, their use in other computer science research disciplines is relatively limited, particularly in the case of applied security research (e.g., mobile app and vulnerability studies). In this study, we conduct a survey of prominent adversary models used in the seminal field of cryptography, and more recent mobile and Internet of Things (IoT) research. Motivated by the findings from the cryptography survey, we propose a classification scheme for common app-based adversaries used in mobile security research, and classify key papers using the proposed scheme. Finally, we discuss recent work involving adversary models in the contemporary research field of IoT. We contribute recommendations to aid researchers working in applied (IoT) security based upon our findings from the mobile and cryptography literature. The key recommendation is for authors to clearly define adversary goals, assumptions and capabilities