M. Volkamer, Simon Stockhardt, Steffen Bartsch, M. Kauer
{"title":"Adopting the CMU/APWG Anti-phishing Landing Page Idea for Germany","authors":"M. Volkamer, Simon Stockhardt, Steffen Bartsch, M. Kauer","doi":"10.1109/STAST.2013.12","DOIUrl":"https://doi.org/10.1109/STAST.2013.12","url":null,"abstract":"Phishing attacks still pose a significant problem and purely technical solutions cannot solve this problem. While research literature in general shows that educating users in security is hard, the Anti-Phishing Landing Page proposed by CMU researchers seems promising as it appears in the most teachable moment -- namely once someone clicked on a link and was very likely to fall for phishing. While this page is already in use and exists in many languages we show that it is not effective in Germany as most users leave the page immediately without having read any advice. We therefore explore options to adopt their ideas for Germany. We focus on which are the trustworthy institutes that could provide such a landing page on their web pages and what is an appropriate headline and design.","PeriodicalId":252423,"journal":{"name":"2013 Third Workshop on Socio-Technical Aspects in Security and Trust","volume":"23 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-06-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126323871","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Elmer Lastdrager, Lorena Montoya, P. Hartel, M. Junger
{"title":"Applying the Lost-Letter Technique to Assess IT Risk Behaviour","authors":"Elmer Lastdrager, Lorena Montoya, P. Hartel, M. Junger","doi":"10.1109/STAST.2013.15","DOIUrl":"https://doi.org/10.1109/STAST.2013.15","url":null,"abstract":"Information security policies are used to mitigate threats for which a technical prevention is not feasible. Compliance with information security policies is a notoriously difficult issue. Social sciences could provide tools to empirically study compliance with policies. We use a variation of the lost-letter technique to study IT risk behaviour, using USB keys instead of letters. The observational lost-letter study by Farrington and Knight (1979) was replicated in a university setting by dropping 106 USB keys. Labels on the USB keys were used to vary characteristics of the alleged victim. Observers noted characteristics of people who picked a USB key up and whether the USB key was returned. Results show that USB keys in their original box are stolen more than used ones and that people aged 30 or younger and those who place a found USB key in their pocket are more likely to steal. This suggests that the decision to steal a USB key is taken at the moment of pick up, despite ample opportunity to return it. The lost USB key technique proved to be a feasible method of data collection to measure policy compliance and thus also risk behaviour.","PeriodicalId":252423,"journal":{"name":"2013 Third Workshop on Socio-Technical Aspects in Security and Trust","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-06-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128780421","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Transparency Enhancing Tools (TETs): An Overview","authors":"M. Janic, Jan Pieter Wijbenga, T. Veugen","doi":"10.1109/STAST.2013.11","DOIUrl":"https://doi.org/10.1109/STAST.2013.11","url":null,"abstract":"As the amount of users' information collected and exchanged on the Internet is growing, so are, consequently, the users' concerns that their privacy might be violated. Some studies have shown that a large number of users avoid engaging in online services due to privacy concerns. It has been suggested that increased transparency of privacy related mechanisms may promote users' trust. This paper reviews the relationship between users' privacy concerns, transparency enhancing and privacy enhancing mechanisms on the one hand, and users' trust on the other, based on the existing literature. Our literature review demonstrates that previous studies have produced inconsistent results, implying this relationship should be re-examined in future work. Impact of higher transparency on users' trust has been insufficiently studied. Current research seems to suggest that the increase of the understanding of privacy issues increases importance of privacy for trust. Use of privacy enhancing mechanisms by service provider also seems to promote the trust, but this may only hold when these mechanisms are understood by the user. A need for tools that would provide users with this kind of knowledge has also been repeatedly recognized. Additionally, this paper provides an overview and description of the currently available transparency enhancing tools. To the best of our knowledge, no such overview has been available to this end. We demonstrate that the majority of tools promote awareness. Most of them attempt to provide a better understanding of privacy policies, or provide insight in the third party tracking behavior. Two tools have been identified that provide some insight in the collected user's data. No tool providing specific information on, or access to, processing logic has been identified.","PeriodicalId":252423,"journal":{"name":"2013 Third Workshop on Socio-Technical Aspects in Security and Trust","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-06-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129825581","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Sadia Afroz, Aylin Caliskan, Jordan Santell, Aaron Chapin, R. Greenstadt
{"title":"How Privacy Flaws Affect Consumer Perception","authors":"Sadia Afroz, Aylin Caliskan, Jordan Santell, Aaron Chapin, R. Greenstadt","doi":"10.1109/STAST.2013.13","DOIUrl":"https://doi.org/10.1109/STAST.2013.13","url":null,"abstract":"We examine how consumers perceive publicized instances of privacy flaws and private information data breaches. Using three real-world privacy breach incidents, we study how these flaws affected consumers' future purchasing behavior and perspective on a company's trustworthiness. We investigate whether despite a lack of widespread privacy enhancing technology (PET) usage, consumers are taking some basic security precautions when making purchasing decisions. We survey 600 participants on three well-known privacy breaches. Our results show that, in general, consumers are less likely to purchase products that had experienced some form of privacy breach. We find evidence of a slight bias toward giving products the consumers owned themselves more leeway, as suggested by the endowment effect hypothesis.","PeriodicalId":252423,"journal":{"name":"2013 Third Workshop on Socio-Technical Aspects in Security and Trust","volume":"43 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-06-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132842057","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Rucha Tembe, Kyung Wha Hong, E. Murphy-Hill, C. Mayhorn, Christopher M. Kelley
{"title":"American and Indian Conceptualizations of Phishing","authors":"Rucha Tembe, Kyung Wha Hong, E. Murphy-Hill, C. Mayhorn, Christopher M. Kelley","doi":"10.1109/STAST.2013.10","DOIUrl":"https://doi.org/10.1109/STAST.2013.10","url":null,"abstract":"Using Amazon's Mechanical Turk, fifty American and sixty-one Indian participants completed a survey that assessed characteristics of phishing attacks, asked participants to describe their previous phishing experiences, and report phishing consequences. The results indicated that almost all participants had been targets, yet Indian participants were twice as likely to be successfully phished as American participants. Part of the reason appears to be that American participants reported more frequent efforts to protect themselves online such as by looking for the padlock icon in their browser. Statistical analyses indicated that American participants agreed more with items for characteristics of phishing, consequences of phishing and the types of media where phishing occurs, suggesting more cautiousness and awareness of phishing.","PeriodicalId":252423,"journal":{"name":"2013 Third Workshop on Socio-Technical Aspects in Security and Trust","volume":"31 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-06-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114295754","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Toward an Ontology for Insider Threat Research: Varieties of Insider Threat Definitions","authors":"David A. Mundie, Samuel J. Perl, Carly L. Huth","doi":"10.1109/STAST.2013.14","DOIUrl":"https://doi.org/10.1109/STAST.2013.14","url":null,"abstract":"The lack of standardization of the terms insider and insider threat has been a noted problem for researchers in the insider threat field. This paper describes the investigation of 42 different definitions of the terms insider and insider threat, with the goal of better understanding the current conceptual model of insider threat and facilitating communication in the research community.","PeriodicalId":252423,"journal":{"name":"2013 Third Workshop on Socio-Technical Aspects in Security and Trust","volume":"231 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-06-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132344569","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}