Introducing the cybersurvival task: assessing and addressing staff beliefs about effective cyber protection

James Nicholson, Lynne Coventry, Pam Briggs

Research output: Chapter in Book/Report/Conference proceedingConference contribution

7 Citations (Scopus)

Abstract

Despite increased awareness of cybersecurity incidents and consequences, organisations still struggle to convince employees to comply with information security policies and engage in effective cyber prevention. Here we introduce and evaluate The Cybersurvival Task, a ranking task that highlights cybersecurity misconceptions amongst employees and that serves as a reflective exercise for security experts. We describe an initial deployment and refinement of the task in one organisation and a second deployment and evaluation in another. We show how the Cybersurvival Task could be used to detect 'shadow security' cultures within an organisation and illustrate how a group discussion about the importance of different cyber behaviours led to the weakening of staff's cybersecurity positions (i.e. more disagreement with experts). We also discuss its use as a tool to inform organisational policy-making and the design of campaigns and training events, ensuring that they are better tailored to specific staff groups and designed to target problematic behaviours.

Original languageEnglish
Title of host publicationProceedings of the Fourteenth Symposium on Usable Privacy and Security, SOUPS 2018
EditorsMary Ellen Zurko, Heather Richter Lipford, Sonia Chiasson, Rob Reeder
Place of PublicationUnited States
PublisherUSENIX Association
Pages443-457
Number of pages15
ISBN (Electronic)9781939133106, 9781931971454
DOIs
Publication statusPublished - 12 Aug 2018
Externally publishedYes
Event14th Symposium on Usable Privacy and Security - Baltimore Marriott Waterfront, Baltimore, United States
Duration: 12 Aug 201814 Aug 2018
Conference number: 14th
https://www.usenix.org/conference/soups2018

Other

Other14th Symposium on Usable Privacy and Security
Abbreviated titleSOUPS 2018
Country/TerritoryUnited States
CityBaltimore
Period12/08/1814/08/18
Internet address

Keywords

  • Cyber security
  • Group discussions
  • Information security policies
  • Initial deployments
  • Organisational
  • Policy making
  • Security experts

Fingerprint

Dive into the research topics of 'Introducing the cybersurvival task: assessing and addressing staff beliefs about effective cyber protection'. Together they form a unique fingerprint.

Cite this