Abstract
Staff behaviour is increasingly understood to be an important determinant of an organisation's vulnerability to information security breaches. In parallel to the HCI and CSCW literature, models drawn from cognitive and health psychology have suggested a number of mental variables that predict staff response to security threats. This study began with these models, but engaged in a broader, discovery-orientated, qualitative investigation of how these variables were experienced, how they interacted subjectively, and what further variables might be of relevance. We conducted in-depth, semi-structured interviews consisting of open and closed questions with staff from a financial services institution under conditions of strict anonymity. Results include a number of findings such as a possible association between highly visible security procedures and low perceptions of vulnerability leading to poor security practices. We also found self-efficacy was a strong determinant of staff sharing stories of negative experiences and variances in the number of non-relevant emails that they process. These findings lead to a richer, deeper understanding of staff experiences in relation to information security and phishing.
Original language | English |
---|---|
Title of host publication | Proceedings of the Thirteenth Symposium on Usable Privacy and Security (SOUPS 2017) |
Place of Publication | United States |
Publisher | USENIX Association |
Pages | 115-129 |
Number of pages | 15 |
ISBN (Electronic) | 9781931971393 |
Publication status | Published - 2017 |
Externally published | Yes |
Event | Thirteenth Symposium on Usable Privacy and Security (SOUPS 2017) - Santa Clara, United States. Duration: 12 Jul 2017 → 14 Jul 2017 |
Conference
Conference | Thirteenth Symposium on Usable Privacy and Security (SOUPS 2017) |
---|---|
Country/Territory | United States |
City | Santa Clara |
Period | 12/07/17 → 14/07/17 |