Alter ego, state of the art on user profiling: an overview of the most relevant organisational and behavioural aspects regarding User Profiling.

This report gives an overview of the most relevant organisational and\ud behavioural aspects regarding user profiling. It discusses not only the\ud most important aims of user profiling from both an organisation’s as\ud well as a user’s perspective, it will also discuss organisational motives\ud and barriers for user profiling and the most important conditions for\ud the success of user profiling. Finally recommendations are made and\ud suggestions for further research are given

Using Measures of Risk Perception to Predict Information Security Behavior: Insights from Electroencephalography (EEG)

Users’ perceptions of risks have important implications for information security because individual users’ actions can compromise entire systems. Therefore, there is a critical need to understand how users perceive and respond to information security risks. Previous research on perceptions of information security risk has chiefly relied on self-reported measures. Although these studies are valuable, risk perceptions are often associated with feelings—such as fear or doubt—that are difficult to measure accurately using survey instruments. Additionally, it is unclear how these self-reported measures map to actual security behavior. This paper contributes to this topic by demonstrating that risk-taking behavior is effectively predicted using electroencephalography (EEG) via event-related potentials (ERPs). Using the Iowa Gambling Task, a widely used technique shown to be correlated with real-world risky behaviors, we show that the differences in neural responses to positive and negative feedback strongly predict users’ information security behavior in a separate laboratory-based computing task. In addition, we compare the predictive validity of EEG measures to that of self-reported measures of information security risk perceptions. Our experiments show that self-reported measures are ineffective in predicting security behaviors under a condition in which information security is not salient. However, we show that, when security concerns become salient, self-reported measures do predict security behavior. Interestingly, EEG measures significantly predict behavior in both salient and non-salient conditions, which indicates that EEG measures are a robust predictor of security behavior

Scary Stories: Fear Appeals, Hopelessness and the Role of Response Efficacy in Protective Online Behavior

The issue of online threats is a topic of widespread notoriety and the target of voluminous research. In spite of this, recommended treatments do not seem to have been completely effective, as indicated by the prominence of identity theft among complaints to government agencies such as the Federal Trade Commission. The goal of this research is to produce a more complete and nuanced understanding of this problem and thus provide better guidance toward preventing identity theft. This work offers a 2 x 2 experiment that manipulates both Threat conditions and Response Efficacy in concert, testing for an interaction effect of Threat and Response Efficacy on Behavioral Intention, Fear, and Hopelessness. Our results indicate that a high Threat condition increases users’ intentions to take action against an online threat, as expected. However, we also find that Response Efficacy plays a critical role in how individuals react to online threats. Response Efficacy is found to relate negatively to Hopelessness. In addition, Fear is measured and discussed

Considerations Regarding the Security and Protection of E-Banking Services Consumers’ Interests

A significant number of breaches in the security of electronic banking (e-Banking) system is reported each year, drawing attention to the need to protect and inform customers about the risk of exposure to malicious actions initiated by cyber-criminals. Financial institutions and consumers recognize the fact that attacks and financial frauds are becoming more complex and are perpetrated by a different class of criminal. This class is increasingly sophisticated and uses technology as part of their strategy. Furthermore, the specialists forecast that the current global recession is likely to increase the frequency of internal fraud and security breaches. The present research tries: (1) to analyze the potential dangers threatening the security of e- Banking services through a comprehensive investigation of the relevant literature; (2) to identify the tools and methods that can ensure the consumers’ protection in E-Banking, (3) to present the results of a pilot study regarding the Romanian consumer perception on the protection and security related to E-Banking servicesE-Banking services, security, consumer protection, cyber-attack

Examining the Coping Appraisal Process in End User Security

Protection Motivation Theory, which models the appraisal processes individuals make in regard to potential threats and safeguards, has informed a number of previous empirical studies on information security. However, none have accounted for the possibility of multiple countermeasures. In this study, we investigated this possibility by analyzing the responses of computer users who could potentially suffer malware infections. Initial results suggest that high levels of self-efficacy and low levels of response costs motivate the intentions to adopt one countermeasure over another

An Empirical Investigation Of The Influence Of Fear Appeals On Attitudes And Behavioral Intentions Associated With Recommended Individual Computer Security Actions

Through persuasive communication, IT executives strive to align the actions of end users with the desired security posture of management and of the firm. In many cases, the element of fear is incorporated within these communications. However, within the context of computer security and information assurance, it is not yet clear how these fear-inducing arguments, known as fear appeals, will ultimately impact the actions of end users. The purpose of this study is to examine the influence of fear appeals on the compliance of end users with recommendations to enact specific individual computer security actions toward the amelioration of threats. A two-phase examination was adopted that involved two distinct data collection and analysis procedures, and culminated in the development and testing of a conceptual model representing an infusion of theories based on prior research in Social Psychology and Information Systems (IS), namely the Extended Parallel Process Model (EPPM) and the Unified Theory of Acceptance and Use of Technology (UTAUT). Results of the study suggest that fear appeals do impact end users attitudes and behavioral intentions to comply with recommended individual acts of security, and that the impact is not uniform across all end users, but is determined in part by perceptions of self-efficacy, response efficacy, threat severity, threat susceptibility, and social influence. The findings suggest that self-efficacy and, to a lesser extent, response efficacy predict attitudes and behavioral intentions to engage individual computer security actions, and that these relationships are governed by perceptions of threat severity and threat susceptibility. The findings of this research will contribute to IS expectancy research, human-computer interaction, and organizational communication by revealing a new paradigm in which IT users form perceptions of the technology, not on the basis of performance gains, but on the basis of utility for threat amelioration

Determinants of Personal Information Protection Activities in South Korea

The purpose of this paper is to investigate how people’s awareness and ways to obtain relevant materials of personal information have influenced individual’s information privacy protection activities. This study uses the data of a 2016 survey on information security published by Korea Information and Security Agency. The dependent variables of this study are preventive measures for the security of a Personal Computer (PC) and preventive measures against personal information breach. I classify independent variables into four types. They are internet users’ perception about information privacy, such as awareness of the importance of protecting one’s personal information, and awareness of information privacy threats and their severity, channel of information collection and education, the experience of security incidents and personal information breach, and demographic factors. I use multiple regressions to estimate the effects of the independent variables. The result of this study shows that the level of awareness of the importance of information privacy is positively correlated with information privacy protection activities. Also, it demonstrates that the more people think the information privacy threat is severe, the more they engage in information privacy protection activities. In addition, it shows that internet users who obtained relevant information from watching TV, reading the news paper, or browsing internet are more likely to have engaged in information privacy protection activities. In order to encourage people to raise their information privacy protection activities, the South Korean government should consider factors identified in this study

How to Increase Smart Home Security and Privacy Risk Perception

With continuous technological advancements, our homes become smarter by interconnecting more and more devices. Smart homes provide many advantages. However, they also introduce new privacy and security risks. Recent studies show that only a few people are aware of abstract risks, and most people are not aware of specific negative consequences. We developed a privacy and security awareness intervention for people who want to inform themselves about risks in the smart home context. Our intervention is based on research literature on risk perception and feedback from both lay users and security and privacy experts. We evaluated our intervention regarding its influence on participants’ perceived threat, privacy attitude, motivation to avoid threats, willingness to pay, and time commitment to configure protective measures. The results of this evaluation show a significant increase for all these aspects. We also compared our intervention to information that users could obtain during an Internet search on the topic. In this comparison, our intervention evokes a significantly higher perceived threat and privacy attitude. It showed no significant difference for the other three scales. We discuss our findings in light of related work