Productive Security: A Scalable Methodology for Analysing Employee Security Behaviours
- A. Beautement, Ingolf Becker, S. Parkin, Kat Krol, M. Sasse
- Business, Computer Science · SOUPS
- 22 June 2016
A methodology for gathering large scale data sets on employee behaviour and attitudes via scenario-based surveys is presented, demonstrating that this approach is capable of determining important differences between various population groups.
Metaphors considered harmful? An exploratory study of the effectiveness of functional metaphors for end-to-end encryption
Creating explanatory metaphors for encryption technologies is hard; descriptions frequently cue users in a way that undoes their previously correct understanding, so metaphors developed from user language are better than existing industry descriptions.
Finding Security Champions in Blends of Organisational Culture
Security managers define policies and procedures to express how employees should behave to ‘do their bit’ for information security. They assume these policies are compatible with the business…
The Rewards and Costs of Stronger Passwords in a University: Linking Password Lifetime to Strength
It is concluded that linking password lifetime to strength at the point of password creation is a viable strategy for encouraging users to choose stronger passwords (at least when measured by Shannon entropy).
Are Payment Card Contracts Unfair? (Short Paper)
It is found that while only a third of PINs are ever changed, almost half of bank customers write at least one PIN down, and bank conditions are too vague to test, or even contradictory on whether PINs could be shared across cards.
Interventions for long‐term software security: Creating a lightweight program of assurance techniques for developers
- Charles Weir, Ingolf Becker, J. Noble, L. Blair, M. Sasse, A. Rashid
- Computer Science · Softw. Pract. Exp.
- 12 November 2019
It is proposed that a series of lightweight interventions can improve a team's motivation to consider security and awareness of assurance techniques, changing its security culture even when no security experts are involved, and improvement is long‐lasting.
From Paternalistic to User-Centred Security: Putting Users First with Value-Sensitive Design
It is shown that engagement with, and adherence to security, are mediated by user values, and that it is necessary to model those values to understand the nature of security’s failures and to design viable alternatives.
A Passion for Security: Intervening to Help Software Developers
- Charles Weir, Ingolf Becker, L. Blair
- Computer Science · IEEE/ACM 43rd International Conference on…
- 1 May 2021
It is demonstrated that development teams can notably improve their security maturity even in the absence of security specialists; and suitably guided, developers can find effective ways to promote security to product management.
A Socio-Technical and Co-evolutionary Framework for Reducing Human-Related Risks in Cyber Security and Cybercrime Ecosystems
The ability of cyber security as a whole to adapt and evolve to keep up with adaptive, innovative attackers in a rapidly-changing technological, business and social landscape, in which personal preferences of users are also dynamically evolving, is seriously constrained.
Applying Cognitive Control Modes to Identify Security Fatigue Hotspots
A series of user-centred studies which focus on security mechanisms as part of regular routines, such as two-factor authentication, are revisited, to explore the role of human performance and error in producing security fatigue.