Exploring user behavioral data for adaptive cybersecurity

Addae, Joyce; Sun, Xu; Towey, Dave; Radenkovic, Milena

doi:10.1007/s11257-019-09236-5

Cited by 30 publications

(41 citation statements)

References 98 publications

(117 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Critically, research has highlighted the challenges of incorporating individual differences and other socio-cultural variables when applying usable security design heuristics (Jaferian et al 2011 ; Quiñones and Rusu 2017 ). Adaptive and/or personalized user interfaces have been suggested as potential ways of overcoming usability and acceptability issues related to different user domains and contexts (e.g., Addae et al 2019 ).…”

Section: Challenges To Cybersecuritymentioning

confidence: 99%

Leveraging human factors in cybersecurity: an integrated methodological approach

et al. 2021

View full text Add to dashboard Cite

Computer and Information Security (CIS) is usually approached adopting a technology-centric viewpoint, where the human components of sociotechnical systems are generally considered as their weakest part, with little consideration for the end users’ cognitive characteristics, needs and motivations. This paper presents a holistic/Human Factors (HF) approach, where the individual, organisational and technological factors are investigated in pilot healthcare organisations to show how HF vulnerabilities may impact on cybersecurity risks. An overview of current challenges in relation to cybersecurity is first provided, followed by the presentation of an integrated top–down and bottom–up methodology using qualitative and quantitative research methods to assess the level of maturity of the pilot organisations with respect to their capability to face and tackle cyber threats and attacks. This approach adopts a user-centred perspective, involving both the organisations’ management and employees, The results show that a better cyber-security culture does not always correspond with more rule compliant behaviour. In addition, conflicts among cybersecurity rules and procedures may trigger human vulnerabilities. In conclusion, the integration of traditional technical solutions with guidelines to enhance CIS systems by leveraging HF in cybersecurity may lead to the adoption of non-technical countermeasures (such as user awareness) for a comprehensive and holistic way to manage cyber security in organisations.

show abstract

Section: Challenges To Cybersecuritymentioning

confidence: 99%

Leveraging human factors in cybersecurity: an integrated methodological approach

et al. 2021

View full text Add to dashboard Cite

show abstract

“…This is worth considering in future studies and indeed such experimental effects may help to account for the ENISA report [19] observation that threat information tends to be relatively ineffective in driving behaviour. That said, this study still helps to address the relative lack of experimental approaches to cybersecurity behaviour; of which there are even fewer that combine subjective and objective measures (despite some evidence that hybrid approaches may provide a useful new source of evidence around cybersecurity and cyberinsurance behaviours [14,41]).…”

Section: Discussionmentioning

confidence: 99%

Developing and Validating a Behavioural Model of Cyberinsurance Adoption

Branley-Bell

Gómez²,

Coventry

et al. 2021

Sustainability

View full text Add to dashboard Cite

Business disruption from cyberattacks is a growing concern, yet cyberinsurance uptake remains low. Using an online behavioural economics experiment with 4800 participants across four EU countries, this study tests a predictive model of cyberinsurance adoption, incorporating elements of Protection Motivation Theory (PMT) and the Theory of Planned Behaviour (TPB) as well as factors in relation to risk propensity and price. During the experiment, participants were given the opportunity to purchase different cybersecurity measures and cyberinsurance products before performing an online task. Participants likelihood of suffering a cyberattack was dependent upon their adoption of cybersecurity measures and their behaviour during the online task. The consequences of any attack were dependent upon the participants insurance decisions. Structural equation modelling was applied and the model was further developed to include elements of the wider security ecosystem. The final model shows that all TPB factors, and response efficacy from the PMT, positively predicted adoption of premium cyberinsurance. Interestingly, adoption of cybersecurity measures was associated with safer behaviour online, contrary to concerns of “moral hazard”. The findings highlight the need to consider the larger cybersecurity ecosystem when designing interventions to increase adoption of cyberinsurance and/or promote more secure online behaviour.

show abstract

“…All work presented here used different approaches to predict the privacy settings in a binary deny-or-allow fashion, using either existing privacy settings from the same domain, context factors that influence the privacy decision, or additional user input for their prediction. Other recommender systems instead use user behavioral data, for example, for developing user models for adaptive cybersecurity (Addae et al 2019) or to infer a degree of diversity for recommender systems suitable to the user's personality (Wu et al 2018). In the past, we already did some research on how the personality and privacy desires (according to the IUIPC 1 scale) can be used together with context factors as an input to predict privacy levels for specifying the correct audience for a social network post (Raber et al 2017), the detail level of a shared location , which data out of an intelligent retail store should be shared with whom and to assist the user in adapting the permission settings for her smartphone apps (Raber and Krüger 2017).…”

Section: Related Workmentioning

confidence: 99%

Transferring recommendations through privacy user models across domains

Raber

Krüger

2021

User Model User-Adap Inter

View full text Add to dashboard Cite

Although privacy settings are important not only for data privacy, but also to prevent hacking attacks like social engineering that depend on leaked private data, most users do not care about them. Research has tried to help users in setting their privacy settings by using some settings that have already been adapted by the user or individual factors like personality to predict the remaining settings. But in some cases, neither is available. However, the user might have already done privacy settings in another domain, for example, she already adapted the privacy settings on the smartphone, but not on her social network account. In this article, we investigate with the example of four domains (social network posts, location sharing, smartphone app permission settings and data of an intelligent retail store), whether and how precise privacy settings of a domain can be predicted across domains. We performed an exploratory study to examine which privacy settings of the aforementioned domains could be useful, and validated our findings in a validation study. Our results indicate that such an approach works with a prediction precision about 15%–20% better than random and a prediction without input coefficients. We identified clusters of domains that allow model transfer between their members, and discuss which kind of privacy settings (general or context-based) leads to a better prediction accuracy. Based on the results, we would like to conduct user studies to find out whether the prediction precision is perceived by users as a significant improvement over a “one-size-fits-all” solution, where every user is given the same privacy settings.

show abstract

Exploring user behavioral data for adaptive cybersecurity

Cited by 30 publications

References 98 publications

Leveraging human factors in cybersecurity: an integrated methodological approach

Leveraging human factors in cybersecurity: an integrated methodological approach

Developing and Validating a Behavioural Model of Cyberinsurance Adoption

Transferring recommendations through privacy user models across domains

Contact Info

Product

Resources

About