Perception of Risky Security Behaviour by Users: Survey of Current Approaches

Shepherd, Lynsay A.; Archibald, Jacqueline; Ferguson, Ian

doi:10.1007/978-3-642-39345-7_19

Cited by 4 publications

(3 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…When browsing the web, there are many ways in which users may potentially place themselves at risk. These can include interacting with poorly coded websites, creating weak passwords, and downloading data from websites containing malicious files [2] There are a number of methods which have been used to raise end-user security awareness when engaging in online transactions, from contextual affective feedback presented in a web browser [3][4], to visualizing privacy policies [5], and phishing awareness applications [6]. Owing to the ubiquity of passwords, this work focusses on security awareness tools developed to improve password security.…”

Section: Raising End-user Security Awarenessmentioning

confidence: 99%

Gamification Techniques for Raising Cyber Security Awareness

Scholefield

Shepherd

2019

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Due to the prevalence of online services in modern society, such as internet banking and social media, it is important for users to have an understanding of basic security measures in order to keep themselves safe online. However, users often do not know how to make their online interactions secure, which demonstrates an educational need in this area. Gamification has grown in popularity in recent years and has been used to teach people about a range of subjects. This paper presents an exploratory study investigating the use of gamification techniques to educate average users about password security, with the aim of raising overall security awareness. To explore the impact of such techniques, a role-playing quiz application (RPG) was developed for the Android platform to educate users about password security. Results gained from the work highlighted that users enjoyed learning via the use of the password application, and felt they benefitted from the inclusion of gamification techniques. Future work seeks to expand the prototype into a full solution, covering a range of security awareness issues.

show abstract

Section: Raising End-user Security Awarenessmentioning

confidence: 99%

Gamification Techniques for Raising Cyber Security Awareness

Scholefield

Shepherd

2019

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

show abstract

“…Should the user engage in potentially risky security behaviour whilst browsing, e.g., entering a password or credit card number into a form, an affective feedback mechanism will trigger, warning users regarding the dangers of their actions. Feedback mechanisms have been explored in previous research and will include colour-based feedback (e.g., green indicating good behaviour), text-based feedback using specific terms and avatars using subtle cues within the browser window [27]. Experiments using these agents will investigate (a) if security risk awareness improves in end-users; and (b) if overall system security improves through the use of affective feedback.…”

Section: Proposed System Overviewmentioning

confidence: 99%

Reducing Risky Security Behaviours: Utilising Affective Feedback to Educate Users

2014

Self Cite

View full text Add to dashboard Cite

Despite the number of tools created to help end-users reduce risky security behaviours, users are still falling victim to online attacks. This paper proposes a browser extension utilising affective feedback to provide warnings on detection of risky behaviour. The paper provides an overview of behaviour considered to be risky, explaining potential threats users may face online. Existing tools developed to reduce risky security behaviours in end-users have been compared, discussing the success rates of various methodologies. Ongoing research is described which attempts to educate users regarding the risks and consequences of poor security behaviour by providing the appropriate feedback on the automatic recognition of risky behaviour. The paper concludes that a solution utilising a browser extension is a suitable method of monitoring potentially risky security behaviour. Ultimately, future work seeks to implement an affective feedback mechanism within the browser extension with the aim of improving security awareness. OPEN ACCESSFuture Internet 2014, 6 761

show abstract

“…Web applications are a highly targeted component of many organizations, therefore it is essential that the security industry is actively improving methods used to defend against attacks. Insecure web applications are detrimental to online businesses, and can place end-users at risk of interacting with a vulnerable site [5]. The section demonstrates the current state of web application development, highlighting how alternative methods may improve attack awareness.…”

Section: Introductionmentioning

confidence: 99%

BlackWatch: Increasing Attack Awareness within Web Applications

Hall¹,

Shepherd

Coull

2019

Future Internet

View full text Add to dashboard Cite

Web applications are relied upon by many for the services they provide. It is essential that applications implement appropriate security measures to prevent security incidents. Currently, web applications focus resources towards the preventative side of security. Whilst prevention is an essential part of the security process, developers must also implement a level of attack awareness into their web applications. Being able to detect when an attack is occurring provides applications with the ability to execute responses against malicious users in an attempt to slow down or deter their attacks. This research seeks to improve web application security by identifying malicious behaviour from within the context of web applications using our tool BlackWatch. The tool is a Python-based application which analyses suspicious events occurring within client web applications, with the objective of identifying malicious patterns of behaviour. Based on the results from a preliminary study, BlackWatch was effective at detecting attacks from both authenticated, and unauthenticated users. Furthermore, user tests with developers indicated BlackWatch was user friendly, and was easy to integrate into existing applications. Future work seeks to develop the BlackWatch solution further for public release.

show abstract

Perception of Risky Security Behaviour by Users: Survey of Current Approaches

Cited by 4 publications

References 16 publications

Gamification Techniques for Raising Cyber Security Awareness

Gamification Techniques for Raising Cyber Security Awareness

Reducing Risky Security Behaviours: Utilising Affective Feedback to Educate Users

BlackWatch: Increasing Attack Awareness within Web Applications

Contact Info

Product

Resources

About