16 records found

‘The trivial tickets build the trust’

A co-design approach to understanding security support interactions in a large university

Increasingly, organizations are acknowledging the importance of human factors in the management of security in workplaces. There are challenges in managing security infrastructures in which there may be centrally mandated and locally managed initiatives to promote secure behaviou ...

“What Keeps People Secure is That They Met The Security Team”

Deconstructing Drivers And Goals of Organizational Security Awareness

Security awareness campaigns in organizations now collectively cost billions of dollars annually. There is increasing focus on ensuring certain security behaviors among employees. On the surface, this would imply a user-centered view of security in organizations. Despite this, th ...

Executive decision-makers

A scenario-based approach to assessing organizational cyber-risk perception

The executive leadership in corporate organizations is increasingly challenged with managing cyber-risks, as an important part of wider business risk management. Cyber-risks are complex, with the threat landscape evolving, including digital infrastructure issues such as trust in ...

Alert Alchemy

SOC Workflows and Decisions in the Management of NIDS Rules

Signature-based network intrusion detection systems (NIDSs) and network intrusion prevention systems (NIPSs) remain at the heart of network defense, along with the rules that enable them to detect threats. These rules allow Security Operation Centers (SOCs) to properly defend a n ...

Lessons in Prevention and Cure

A User Study of Recovery from Flubot Smartphone Malware

The smishing-based malware Flubot was taken down in mid-2022, yet there is little understanding of how it directly impacted smartphone users. We engage with customers of a partner Internet Service Provider (ISP), who have suffered a Flubot infection on their smartphones. We surve ...

"I needed to solve their overwhelmness"

How system administration work was affected by COVID-19

The ongoing global COVID-19 pandemic made working from home – wherever working remotely is possible – the norm for what had previously been office-based jobs across the world. This change in how we work created a challenging situation for system administrators (sysadmins), as they ...

The boundedly rational employee

Security economics for behaviour intervention support in organizations

Security policy-makers (influencers) in an organization set security policies that embody intended behaviours for employees (as decision-makers) to follow. Decision-makers then face choices, where this is not simply a binary decision of whether to comply or not, but also how to a ...

Difficult for Thee, But Not for Me

Measuring the Difficulty and User Experience of Remediating Persistent IoT Malware

Consumer IoT devices may suffer malware attacks, and be recruited into botnets or worse. There is evidence that generic advice to device owners to address IoT malware can be successful, but this does not account for emerging forms of persistent IoT malware. Less is known about pe ...

The decisions involved in choosing technology components for systems are poorly understood. This is especially so where the choices pertain to system security and countering the threat of cybersecurity attack. Although common in some commercial products, secure hardware chips pro ...

Cybersecurity controls are deployed to manage risks posed by malicious behaviours or systems. What is not often considered or articulated is how cybersecurity controls may impact legitimate users (often those whose use of a managed system needs to be protected, and preserved). Th ...

An Empirical Study of a Decentralized Identity Wallet

Usability, Security, and Perspectives on User Control

User-centric digital identity initiatives are emerging with a mission to shift control over online identity disclosures to the individual. However, there is little representation of prospective users in discussions of the merits of empowering users with new data management respon ...

Change that Respects Business Expertise

Stories as Prompts for a Conversation about Organisation Security

Leaders of organisations must make investment decisions relating to the security of their organisation. This often happens through consultation with a security specialist. Consultations may be regarded as conversations taking place in a trading zone between the two domains. We pr ...

“The thing doesn't have a name”

Learning from emergent real-world interventions in smart home security

Many consumer Internet-of-Things (IoT) devices are, and will remain, subject to compromise, often without the owner's knowledge. Internet Service Providers (ISPs) are among the actors best-placed to coordinate the remediation of these problems. They receive infection data and can ...

‘I feel like we’re really behind the game’

Perspectives of the United Kingdom’s intimate partner violence support sector on the rise of technology-facilitated abuse

Technology-facilitated abuse or ‘tech abuse’ in intimate partner violence (IPV) contexts describes the breadth of harms that can be enacted using digital systems and online tools. While the misappropriation of technologies in the context of IPV has been subject to prior research, ...

Smart assistant devices (such as Amazon Echo or Google Home) have notable differences to more conventional consumer computing devices. They can be used through voice control as well as physical interaction, and are often positioned as a shared device within a home environment. We ...