| 1. |
- Kävrestad, Joakim, 1989-, et al.
(författare)
-
ContextBased MicroTraining : A Framework for Information Security Training
- 2020
-
Ingår i: Human Aspects of Information Security and Assurance. - Cham : Springer. - 9783030574031 - 9783030574048 ; , s. 71-81
-
Konferensbidrag (refereegranskat)abstract
- This paper address the emergent need for training measures designed to improve user behavior in regards to security. We do this by proposing a framework for information security training that has been developed for several years and over several projects. The result is the framework ContextBased MicroTraining (CBMT) which provides goals and guidelines for how to better implement information security training that supports the user in the situation where the user needs support. CBMT has been developed and tested for use in higher education as well as for the support of users during passwords creation. This paper presents version 1.0 of the framework with the latest renements.
|
|
| 2. |
- Åhlfeldt, Rose-Mharie, 1960-, et al.
(författare)
-
Current Situation Analysis of Information Security Level in Municipalities
- 2018
-
Ingår i: Journal of Information System Security. - : The Information Institute. - 1551-0123 .- 1551-0808. ; 14:1, s. 3-19
-
Tidskriftsartikel (refereegranskat)abstract
- Municipalities manage a significant part of society's services, and hence they also handle a vast amount of information. A municipality's activities include managing a significant part of society's services, and municipalities’ supply and management of information are, therefore, critical for society in general, and also for achieving the municipalities’ own operational goals. However, research shows weaknesses in the municipalities' work on information security, and there is a need to study and identify the current level of security.This paper presents the result from a GAP analysis mapping the current situation of Swedish municipalities' for systematic information security work, based on the demands made on municipalities from both research and social perspectives. The result shows that the information security level regarding the systematic security work is generally low, and that there is a need to implement adapted tools for Information Security Management Systems in order to support municipalities.
|
|
| 3. |
- Nohlberg, Marcus, 1976-, et al.
(författare)
-
Exploring Information Security and Domestic Equality
- 2020
-
Ingår i: Human Aspects of Information Security and Assurance. - Cham : Springer. - 9783030574031 - 9783030574048 ; , s. 224-232
-
Konferensbidrag (refereegranskat)abstract
- It is well known that men and women dier in terms of securitybehavior. For instance, studies report that gender plays a role insecurity non-compliance intentions, malware susceptibility, and securityself-ecacy. While one reason for gender-based dierences can be thatwomen are vastly underrepresented in the community of security professionals,the impact that gender dierences in security behavior haveon equality is an underresearched area. This paper argues that cyberinequalitycan impact domestic inequality and even be an enabler fordomestic abuse. This paper intends to shed light on how digitalizationworks in households in order to problematize around equality in the digitalera. It reports on a survey that measures dierent factors of personalinformation security and shows that men and women do indeed dierin personal information security behavior on a number of points suchas men being more inuential when it comes to ICT decisions in thehousehold.
|
|
| 4. |
- Kävrestad, Joakim, 1989-, et al.
(författare)
-
Users perception of using CBMT for information security training
- 2019
-
Ingår i: Proceedings of the Thirteenth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2019). - : University of Plymouth Press. - 9780244190965 ; , s. 122-131
-
Konferensbidrag (refereegranskat)abstract
- It is well established that user behavior is a crucial aspect of information security and archivingsecure behavior through awareness and security training is the go-to solution proposed bypractitioners as well as the research community. Thus, there is a dire need for efficient trainingmethods for use in the security domain. This paper introduces ContextBased MicroTraining(CBMT), a framework for information security training that dictated that information securitytraining should be delivered to end users in short-sequences when the users are in a situationwhere the training is needed. Further, the users' perception of CBMT in evaluated in an onlinesurvey where about 200 respondents are subjected to training material and asked about how theyperceived them. The results show that users like the training material designed according to theCBMT framework and would prefer to use CBMT over other traditional methods of informationsecurity training.
|
|
| 5. |
- Åhlfeldt, Rose-Mharie, 1960-, et al.
(författare)
-
Current Situation Analysis of Information Security Level in Municipalities
- 2018
-
Ingår i: Proceedings of the Annual Information Institute Conference. - : The Information Institute. - 9781935160199
-
Konferensbidrag (refereegranskat)abstract
- Municipalities manage a significant part of society's services, and hence also handle a vast amount of information. A municipality's activities include managing a significant part of society's services, and the municipality's supply and management of information are, therefore, critical for society in general, but also for achieving the municipality's own operational goals. However, investigations show weaknesses in the municipalities' work on information security, and there is a need to study and identify the current level of security. This paper presents the result from a GAP analysis mapping the Swedish municipalities current situation for systematic information security work, based on the demands made on municipalities from both research and social perspectives. The result shows that the information security level regarding systematic security work is generally low and that there is a need for adapted tools for Information Security Management Systems in order to support municipalities.
|
|
| 6. |
- Lennartsson, Markus, et al.
(författare)
-
Exploring the Meaning of "Usable Security"
- 2020
-
Ingår i: Human Aspects of Information Security and Assurance. - Cham : Springer. - 9783030574031 - 9783030574048 ; , s. 247-258
-
Konferensbidrag (refereegranskat)abstract
- While there are many examples of incidents that make theneed for more work around the human aspects of security apparent, theliterature makes it obvious that usable security can mean many dierentthings and usable security is a complex matter. This paper reports on astructured literature review that analyzed what the research communityconsiders to be included in the term "usable security". Publications fromthe past ve years were analyzed and dierent perceptions of usablesecurity were gathered. The result is a listing of the dierent aspectsthat are discussed under the term "usable security" and can be used as areference for future research of practitioners who are developing securityfunctions with usability in mind.
|
|
| 7. |
- Kävrestad, Joakim, 1989-, et al.
(författare)
-
A taxonomy of factors that contribute to organizational Cybersecurity Awareness (CSA)
- 2024
-
Ingår i: Information and Computer Security. - : Emerald Group Publishing Limited. - 2056-4961.
-
Tidskriftsartikel (refereegranskat)abstract
- PurposeDeveloping cybersecurity awareness (CSA) is becoming a more and more important goal for modern organizations. CSA is a complex sociotechnical system where social, technical and organizational aspects affect each other in an intertwined way. With the goal of providing a holistic representation of CSA, this paper aims to develop a taxonomy of factors that contribute to organizational CSA.Design/methodology/approachThe research used a design science approach including a literature review and practitioner interviews. A taxonomy was drafted based on 71 previous research publications. It was then updated and refined in two iterations of interviews with domain experts.FindingsThe result of this research is a taxonomy which outline six domains for importance for organization CSA. Each domain includes several activities which can be undertaken to increase CSA within an organization. As such, it provides a holistic overview of the CSA field.Practical implicationsOrganizations can adopt the taxonomy to create a roadmap for internal CSA practices. For example, an organization could assess how well it performs in the six main themes and use the subthemes as inspiration when deciding on CSA activities.Originality/valueThe output of this research provides an overview of CSA based on information extracted from existing literature and then reviewed by practitioners. It also outlines how different aspects of CSA are interdependent on each other.
|
|
| 8. |
- Kävrestad, Joakim, 1989-, et al.
(författare)
-
A taxonomy of factors that contribute to organizational Cybersecurity Awareness (CSA)
- 2024
-
Ingår i: Information and Computer Security. - : Emerald Group Publishing Limited. - 2056-4961.
-
Tidskriftsartikel (refereegranskat)abstract
- Purpose: Developing cybersecurity awareness (CSA) is becoming a more and more important goal for modern organizations. CSA is a complex sociotechnical system where social, technical and organizational aspects affect each other in an intertwined way. With the goal of providing a holistic representation of CSA, this paper aims to develop a taxonomy of factors that contribute to organizational CSA.Design/methodology/approach: The research used a design science approach including a literature review and practitioner interviews. A taxonomy was drafted based on 71 previous research publications. It was then updated and refined in two iterations of interviews with domain experts.Findings: The result of this research is a taxonomy which outline six domains for importance for organization CSA. Each domain includes several activities which can be undertaken to increase CSA within an organization. As such, it provides a holistic overview of the CSA field.Practical implications: Organizations can adopt the taxonomy to create a roadmap for internal CSA practices. For example, an organization could assess how well it performs in the six main themes and use the subthemes as inspiration when deciding on CSA activities.Originality/value: The output of this research provides an overview of CSA based on information extracted from existing literature and then reviewed by practitioners. It also outlines how different aspects of CSA are interdependent on each other.
|
|
| 9. |
|
|
| 10. |
- Nohlberg, Marcus, et al.
(författare)
-
A Conceptual Model of Social Engineering
- 2011
-
Ingår i: Journal of Information System Security. - Washington DC : The Information Institute. - 1551-0123 .- 1551-0808. ; 7:2, s. 3-13
-
Tidskriftsartikel (refereegranskat)abstract
- Social engineering is a term used for techniques to trick, or con, users into giving out information to someone that should not have it. In this paper we discuss and model various notions related to social engineering. By using a broad, cross disciplinary approach, we present a conceptual model of the different kinds of social engineering attacks, and their preparation, the victim and the perpetrator, as well as the cultural aspects. By using this approach a better general understanding of social engineering can be reached. The model is also a good tool for teaching about and protecting against social engineering attacks.
|
|
