Abstract
Despite increased awareness of cybersecurity incidents and consequences, organisations still struggle to convince employees to comply with information security policies and engage in effective cyber prevention. Here we introduce and evaluateThe Cybersurvival Task, a ranking task that highlights cybersecurity misconceptions amongst employees and that serves as a reflective exercise for security experts. We describe an initial deployment and refinement of the task in one organisation and a second deployment and evaluation in another. We show how the Cybersurvival Task could be used to detect ‘shadow security’ cultures within an organisation and illustrate how a group discussion about the importance of different cyber behaviours led to the weakening of staff’s cybersecurity positions (i.e. more disagreement with experts). We also discuss its use as a tool to inform organisational policy-making and the design of campaigns and training events, ensuring that they are better tailored to specific staff groups and designed to target problematic behaviours.
Original language | English |
---|---|
Title of host publication | Proceedings of the Fourteenth Symposium on Usable Privacy and Security (SOUPS) 2018 |
Subtitle of host publication | Baltimore, MD, USA August 12–14, 2018 |
Place of Publication | Berkeley |
Publisher | USENIX Association |
Pages | 443-457 |
Number of pages | 15 |
ISBN (Electronic) | 9781939133106 |
ISBN (Print) | 9781931971454 |
Publication status | Published - 12 Aug 2018 |
Event | 14th Symposium on Usable Privacy and Security - Baltimore, United States Duration: 12 Aug 2018 → 14 Aug 2018 https://www.usenix.org/conference/soups2018 |
Conference
Conference | 14th Symposium on Usable Privacy and Security |
---|---|
Abbreviated title | SOUPS 2018 |
Country/Territory | United States |
City | Baltimore |
Period | 12/08/18 → 14/08/18 |
Internet address |