
From Weakest Link to Security Hero: Transforming Staff Security Behavior

Shari Lawrence Pfleeger, M. Angela Sasse and Adrian Furnham
Published/Copyright: 25 October 2014

Abstract

Practitioners, researchers and policy-makers involved with cyber security often talk about “security hygiene”: ways to encourage users of computer technology to behave safely and securely online. But how do we persuade workers to follow simple, fundamental processes to protect themselves and others? Behavioral scientists raise the same issues when seeking to encourage worker, passenger and patient compliance. In this paper, we explore and summarize findings in social psychology about moral values and habit formation, and then integrate them into suggestions for transforming staff security behavior online.


Corresponding author: Shari Lawrence Pfleeger, Pfleeger Consulting Group, 4519 Davenport St NW, Washington, District of Columbia 20016, USA, Phone: +202 244 3740


Published Online: 2014-10-25
Published in Print: 2014-12-1

©2014 by De Gruyter

Downloaded on 23 November 2025 from https://www.degruyterbrill.com/document/doi/10.1515/jhsem-2014-0035/html