Abstract
This paper presents an analysis of employees’ security behavior, which focuses upon improving user awareness to counter computer espionage attempts by corporate or state sponsored activity. The author examines existing literature, presents the results from initial experiments in security awareness and proposes further work.
Chapter PDF
Similar content being viewed by others
References
Abagnale, F.W., Redding, S.: Catch Me If You Can: The Amazing True Story of the Most Extraordinary Liar in the History of Fun and Profit. Edinburgh, Mainstream (1980, 2003)
Albrechtsen, E.: A Qualitative Study of Users’ View on Information Security. Computers & Security 26, 276–289 (2007)
Albrechtsen, E., Hovden, J.: The Information Security Digital Divide Between Information Security Managers and Users. Computers & Security 28, 476–490 (2009)
Ap Dijksterhuis, J.A.B.: The Perception-Behavior Expressway: Automatic Effects of Social Perception on Social Behavior. Advances in Experimental Social Psychology 33, 1–40 (2001)
Bandler, R., Grinder, J., Andreas, S.: Frogs Into Princes: The Introduction to Neuro-Linguistic Programming. Enfield, Eden Grove (1990)
Bar-Anan, Y., Wilson, T.D., Hassin, R.R.: Inaccurate Self-Knowledge Formation as A Result of Automatic Behavior. Journal of Experimental Social Psychology 46, 884–894 (2010)
Bargh, J. A.: Conditional Automaticity (1989), http://Books.Google.Com/Books?Id=Ht6ddclz6eac&Lpg=Pa3&Ots=Db9yj_Q5ai&Dq=CognitionAttention&Lr&Pg=Pr4V=Onepage&Q=Cognition%20attention&F=False
Baron, J.: Thinking and Deciding. Cambridge University Press, Cambridge (2008)
Brown, D.: Tricks of the Mind. Channel 4 Books, London (2006)
Cesario, J., Plaks, J.E., Higgins, E.T.: Automatic Social Behavior as Motivated Preparation to Interact. J. Pers. Soc. Psychol. 90, 893–910 (2006)
Dijksterhuis, A.: On The Relation Between Associative Strength and Automatic Behavior. Journal of Experimental Social Psychology 36, 531–544 (2000)
Festinger, L.: A Theory of Cognitive Dissonance. Evenston, Row Peterson (1957)
Gerber, M., Vonsolms, R.: Management of Risk in the Information Age. Computers & Security 24, 16–30 (2005)
Hadnagy, C.: Social Engineering: The Art of Human Hacking. Wiley (2011)
Hofling, C.: An Experimental Study of Nurse-Physician Relationships. Journal of Nervous and Mental Disease, 171–180 (1966)
Inglesant, P.S., Angela, M.: The True Cost of Unusable Password Policies (2010)
John, A., Bargh, M.C., Burrows, L.: Automaticity of Social Behavior: Direct Effects of Trait Construct and Stereotype Activation on Action. Journal of Personality and Social Psychology 71, 230–244 (1996)
Kruger, H., Kearney, W.: A Prototype for Assessing Information Security Awareness. Computers & Security 25, 289–296 (2006)
Lacey, D.: Managing the Human Factor in Information Security. John Wiley and Sons, Ltd. (2009)
Leler, R., Bernice, S.: Through the Tiger’s Eye. The Catamount 11, 2 (1967)
Sasse, M.A., Brostoff, S., Weirich, D.: Transforming the ‘Weakest Link’ — A Human/Computer Interaction Approach to Usable and Effective Security. Bt. Technol. J. 19(3), 122–131 (2001)
Angela Sasse, M., Ashenden, D.: Human Vulnerabilities in Security Systems. Cyber Security Ktn White Paper (2007)
Mann, I.: Hacking The Human: Social Engineering Techniques and Security Countermeasures. Aldershot, Gower (2008)
Milgram, S.: Obedience to Authority: An Experimental View. Pinter & Martin, London (1974, 1997)
Mitnick, K., Simon, W.L.: The Art of Deception: Controlling the Human Element of Security. Wiley, New York (2002)
Onnela, J.P., Reed-Tsochas, F.: Spontaneous Emergence of Social Influenc in Online Systems. Proceedings of the National Academy of Sciences (2010)
Parker, D.B.: Motivating The Workforce to Support Security Objectives: A Long Term View (2002)
Reicher, S.D., Haslam, S.A.: Rethinking The Psychology of Tyranny: The Bbc Prison Study. British Journal of Social Psychology, 1–40 (2006)
Stanton, J., Stam, K., Mastrangelo, P., Jolton, J.: Analysis of End User Security Behaviors. Computers & Security 24, 124–133 (2005)
Stanton, J.M., Stam, K.R.: The Visible Employee: Using Workplace Monitoring and Surveillance to Protect Information Assets-Without Compromising Employee Privacy or Trust. Information Today, Medford (2006)
Styles, M., Tryfonas, T.: Using Penetration Testing Feedback to Cultivate An Atmosphere of Proactive Security Amongst End-Users. Information Management & Computer Security 17, 44–52 (2009)
Sunstein, C.R.: Probability Neglect: Emotions, Worst Cases and Law (2002)
Sunstein, C.R., Richard, A.Z.: Dreadful Possibilities, Neglected Probabilities (2009)
Tavris, C., Elliot, A.: Mistakes Were Made (But Not By Me): Why We Justify Foolish Beliefs, Bad Decisions, and Hurtful Acts. Harcourt, Orlando (2007)
Vetter, K.: E-Mail Typos Result in 20gb of Stolen Data. Wired (2011) http://Edition.Cnn.Com/2011/Tech/Web/09/09/Email.Typos.Stolen.Data.Wired/Index.html (accessed September 9, 2011)
Wilde, G.: The Theory of Risk Homeostasis: Implications for Safety and Health. Risk Analysis 2, 209–225 (1982)
Williams, C.: Police Send Reg Hack Crb Check Database - Massive Security Breach Prompts Investigation. The Register (2010), http://www.Theregister.Co.Uk/2010/04/16/Gwent_Police_Data/ (accessed September 2011)
Zimbardo, P.G.: The Lucifer Effect: How Good People Turn Evil. Rider, London (2007)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Styles, M. (2013). Constructing Positive Influences for User Security Decisions to Counter Corporate or State Sponsored Computer Espionage Threats. In: Marinos, L., Askoxylakis, I. (eds) Human Aspects of Information Security, Privacy, and Trust. HAS 2013. Lecture Notes in Computer Science, vol 8030. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-39345-7_21
Download citation
DOI: https://doi.org/10.1007/978-3-642-39345-7_21
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-39344-0
Online ISBN: 978-3-642-39345-7
eBook Packages: Computer ScienceComputer Science (R0)