535 research outputs found
How to make privacy policies both GDPR-compliant and usable
It is important for organisations to ensure that their privacy policies are General Data Protection Regulation (GDPR) compliant, and this has to be done by the May 2018 deadline. However, it is also important for these policies to be designed with the needs of the human recipient in mind. We carried out an investigation to find out how best to achieve this.We commenced by synthesising the GDPR requirements into a checklist-type format. We then derived a list of usability design guidelines for privacy notifications from the research literature. We augmented the recommendations with other findings reported in the research literature, in order to confirm the guidelines. We conclude by providing a usable and GDPR-compliant privacy policy template for the benefit of policy writers
Why Do People Adopt, or Reject, Smartphone Password Managers?
People use weak passwords for a variety of reasons, the most prescient of these being memory load and inconvenience. The motivation to choose weak passwords is even more compelling on Smartphones because entering complex passwords is particularly time consuming and arduous on small devices. Many of the memory- and inconvenience-related issues can be ameliorated by using a password manager app. Such an app can generate, remember and automatically supply passwords to websites and other apps on the phone. Given this potential, it is unfortunate that these applications have not enjoyed widespread adoption. We carried out a study to find out why this was so, to investigate factors that impeded or encouraged password manager adoption. We found that a number of factors mediated during all three phases of adoption: searching, deciding and trialling. The study’s findings will help us to market these tools more effectively in order to encourage future adoption of password managers
Risk homeostasis in information security:challenges in confirming existence and verifying impact
The central premise behind risk homeostasis theory is that humans adapt their behaviors, based on external factors, to align with a personal risk tolerance level. In essence, this means that the safer or more secure they feel, the more likely it is that they will behave in a risky manner. If this effect exists, it serves to restrict the ability of risk mitigation techniques to effect improvements.The concept is hotly debated in the safety area. Some authors agree that the effect exists, but also point out that it is poorly understood and unreliably predicted. Other re-searchers consider the entire concept fallacious. It is important to gain clarity about whether the effect exists, and to gauge its impact if such evidence can indeed be found.In this paper we consider risk homeostasis in the context of information security. Similar to the safety area, information security could well be impaired if a risk homeostasis effect neutralizes the potential benefits of risk mitigation measures. If the risk homeostasis effect does indeed exist and does impact risk-related behaviors, people will simply elevate risky behaviors in response to feeling less vulnerable due to following security procedures and using protective technologies.Here we discuss, in particular, the challenges we face in confirming the existence and impact of the risk homeostasis effect in information security, especially in an era of ethical research practice
Yes, I know this IoT Device Might Invade my Privacy, but I Love it Anyway! A Study of Saudi Arabian Perceptions
The Internet of Things (IoT) ability to monitor our every move raises many privacy concerns. This paper reports on a study to assess current awareness of privacy implications of IoT devices amongst Saudi Arabians. We found that even when users are aware of the potential for privacy invasion, their need for the convenience these devices afford leads them to discount this potential and to ignore any concerns they might initially have had. We then conclude by making some predictions about the direction the IoT field will take in the next 5-7 years, in terms of privacy invasion, protection and awareness
Humans, robots and values
The issue of machines replacing humans dates back to
the dawn of industrialisation. In this paper we examine what is
fundamental in the distinction between human and
robotic work by reflecting on the work of the classical political economists and engineers. We examine the
relationship between the ideas of machine work and
human work on the part of Marx and Watt as well as their role
in the creation of economic value. We examine the
extent to which artificial power sources could feasibly
substitute for human effort in their arguments.
We go on to examine the differing views of Smith and
Marx with respect to the economic effort contributed
by animals and consider whether the philosophical
distinction made between human and non-human work
can be sustained in the light of modern biological
research. We emphasise the non-universal
character of animal work before going on to discuss
the ideas of universal machines in Capek and Turing giving as a counter example a cloth-folding
robot being developed in our School.
We then return to Watt and discuss the development
of thermodynamics and information theory. We show
how recent research has led to a unification not
only of these fields but also a unitary understanding
of the labour process and the value-creation process.
We look at the implications of general robotisation for profitability and the future
of capitalism. For this we draw on the work of
von Neumann not only on computers but also in
economics to point to the {\em real} threat posed
by robots
The Design and Evaluation of an Interactive Social Engineering Training Programme
Social engineering is a major issue affecting organisational security. Educating employees on
how to avoid social engineering attacks is important because social engineering tries to
penetrate an organisation by using employees to grant authorized access to sensitive
information. While there are a number of theoretical studies about social engineering, a few
practical studies have moved towards educating and training employees on how to spot such
attacks. In this research, we emphasise the importance of educating employees to make them
more resilient to these kinds of attacks.
We developed an educational video encapsulated within a Social Engineering Training
Programme. This is essentially an interactive training video during which the learner interacts
with three different scenarios; educational content, a knowledge-check, and a web page
containing the latest news about current social engineering attacks.
The training programme was evaluated in a Saudi trading company with 24 employees. The
evaluation showed that the programme delivered a positive impact in terms of awareness, as
tested by a post-training qui
- …