PurposeThe purpose of this paper is to investigate the behaviour response of computer users when either phishing e‐mails or genuine e‐mails arrive in their inbox. The paper describes how this research was conducted and presents and discusses the findings.Design/methodology/approachThis study was a scenario‐based role‐play experiment that involved the development of a web‐based questionnaire that was only accessible by invited participants when they attended a one‐hour, facilitated session in a computer laboratory.FindingsThe findings indicate that overall, genuine e‐mails were managed better than phishing e‐mails. However, informed participants managed phishing e‐mails better than not‐informed participants. Other findings show how familiarity with computers, cognitive impulsivity and personality traits affect behavioural responses to both types of e‐mail.Research limitations/implicationsThis study does not claim to evaluate actual susceptibility to phishing emails. The subjects were University students and therefore the conclusions are not necessarily representative of the general population of e‐mail users.Practical implicationsThe outcomes of this research would assist management in their endeavours to improve computer user behaviour and, as a result, help to mitigate risks to their organisational information systems.Originality/valueThe literature review indicates that this paper addresses a genuine gap in the research.
Little research has been carried out on human performance in optimization problems, such as the Traveling Salesman problem (TSP). Studies by Polivanova (1974, Voprosy Psikhologii, 4, 41-51) and by MacGregor and Ormerod (1996, Perception & Psychophysics, 58, 527-539) suggest that: (1) the complexity of solutions to visually presented TSPs depends on the number of points on the convex hull; and (2) the perception of optimal structure is an innate tendency of the visual system, not subject to individual differences. Results are reported from two experiments. In the first, measures of the total length and completion speed of pathways, and a measure of path uncertainty were compared with optimal solutions produced by an elastic net algorithm and by several heuristic methods. Performance was also compared under instructions to draw the shortest or the most attractive pathway. In the second, various measures of performance were compared with scores on Raven's advanced progressive matrices (APM). The number of points on the convex hull did not determine the relative optimality of solutions, although both this factor and the total number of points influenced solution speed and path uncertainty. Subjects' solutions showed appreciable individual differences, which had a strong correlation with APM scores. The relation between perceptual organization and the process of solving visually presented TSPs is briefly discussed, as is the potential of optimization for providing a conceptual framework for the study of intelligence.
Using a role play scenario experiment, 117 participants were asked to manage 50 emails. To test whether the knowledge that participants are undertaking a phishing study impacts on their decisions, only half of the participants were informed that the study was assessing the ability to identify phishing emails. Results indicated that the participants who were informed that they were undertaking a phishing study were significantly better at correctly managing phishing emails and took longer to make decisions. This was not caused by a bias towards judging an email as a phishing attack, but instead, an increase in the ability to discriminate between phishing and real emails. Interestingly, participants who had formal training in information systems performed more poorly overall. Our results have implications for the interpretation of previous phishing studies, the design of future studies and for training and education campaigns, as it suggests that when people are primed about phishing risks, they adopt a more diligent screening approach to emails.
Purpose
The purpose of this study was to investigate the relationship between resilience, job stress and information security awareness (ISA). The study examined the effect of resilience and job stress on the three components that comprise ISA, namely, knowledge, attitude and behaviour.
Design/methodology/approach
A total of 1,048 working Australians completed an online questionnaire. ISA was measured with the Human Aspects of Information Security Questionnaire. Participants also completed the Brief Resilience Scale and the Job Stress Scale.
Findings
It was found that participants with greater resilience also had higher ISA and experienced lower levels of job stress. More specifically, individuals who reported higher levels of resilience had significantly better knowledge, attitude and behaviour. Similarly, participants who reported lower levels of job stress also reported significantly better knowledge, attitude and behaviour. Resilience plays an important mediating role in the relationship between job stress and ISA. This means that even if people have high levels of job stress, if they are better able to cope with or adapt to stress (i.e. have higher resilience), they are less likely to have lower ISA. Results of this study add to the body of literature emphasising the positive effects of resilience and suggest that resilience is associated with improved ISA and therefore more secure behaviour.
Research limitations/implications
Future research should focus on assessing the influence of resilience training in the workplace.
Originality/value
Given the constructive findings, it may be valuable to focus on the effect of organisational culture, and organisational security culture, on resilience, job stress and ISA.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.