
2025 | Book

Human Aspects of Information Security and Assurance

18th IFIP WG 11.12 International Symposium, HAISA 2024, Skövde, Sweden, July 9–11, 2024, Proceedings, Part I


About this book

The two-volume set IFIP AICT 721 + 722 constitutes the proceedings of the 18th IFIP WG 11.12 International Symposium on Human Aspects of Information Security and Assurance, HAISA 2024, held in Skövde, Sweden, on July 9–11, 2024.

The 39 full papers presented were carefully reviewed and selected from 55 submissions. The papers are organized in the following topical sections:

Part I - Management and Risk; Social Engineering; Technical Attacks and Defenses; Usable Security.

Part II - Awareness and Education; Privacy.

Table of Contents

Frontmatter

Management and Risk

Frontmatter
Employee Motivation in Organizational Cybersecurity: Matching Theory and Reality
Abstract
Cyberattacks pose a persistent threat to organizations worldwide. These attacks often target employees as entry points to organizational systems through tactics like phishing and credential theft. Recognizing employees as an organization’s “last line of defense”, motivating employees toward security-compliant behavior becomes paramount. While existing literature investigates theoretical frameworks for enhancing individuals’ motivation, studies regarding their practical implementation within organizational contexts remain scarce. This paper seeks to address this research gap by exploring how organizations motivate and incentivize security-compliant behavior among employees in Germany. We conducted semi-structured interviews with 18 participants from diverse organizational backgrounds, illuminating the topic from three perspectives: Executive managers, security specialists, and regular employees. Utilizing a classification derived from existing literature, we examine our findings to identify which motivational strategies are currently implemented effectively within organizational contexts. On this basis, we offer a set of actionable recommendations on how organizations can enhance and complement existing motivational strategies.
Tobias Reittinger, Magdalena Glas, Sarah Aminzada, Günther Pernul
Information Security Behavioural Threshold Analysis: An Application in the South African Retail Sector
Abstract
The African continent is a veritable cornucopia of opportunity for information security threat actors with a large number of organisations that fall victim to security attacks and breaches every year. Despite the prevalence of attacks, many organizations lack comprehensive security strategies, leaving them vulnerable. The human aspect of information security, specifically human behaviour, is of great concern. While many studies focus on the security behaviour of the individual, precious few studies delve into the evaluation of security group behaviour, which makes group behaviour in this context an under-researched field. Behavioural threshold analysis has been established as a method to measure and predict security behaviour in groups and can be used by organisations to evaluate the security awareness and assess behaviour of the members of the organisations. This research describes the application of information security behavioural threshold analysis in the context of the South African retail sector. This research contributes to the sparse literature on security group behaviour by conducting an empirical evaluation of a South African retail organisation’s security group behaviour. Practical contributions include the measurement and analysis of a number of security focus areas and predictions on the eventual group behaviour, and recommendations for addressing these through awareness programmes and group behaviour dynamics.
Noluhle Makhubalo, Dirk Snyman
Scoping Review: The Landscape of Digital Risks and Cybersecurity Solutions for Journalists
Abstract
The ever-evolving digital world impacts those far beyond the Information Systems (IS) field. Due to the nature of current-day journalism practices, journalists are required to use digital resources to be successful in their line of work. Meanwhile, they are battling new and existing digital risks that target their work and personal lives and can lead to psychological and physical harm, reputational damage, and diminished freedom of the press. This article identifies the current landscape of digital risks that individual journalists face in their line of work to address areas in which cybersecurity and journalism can intersect. Based on our findings, online harassment and surveillance are the most identified and researched digital risks to journalists. Therefore, future IS security research could help further identify risks outside these two domains. A comparison is then presented between journalists’ digital risk management recommendations and prominent cybersecurity risk management guidelines, including ISO 31000, NIST frameworks, and a Privacy Impact Assessment (PIA). The most prominent finding from the comparison is that cybersecurity risk management guidelines are process based while journalists’ risk management recommendations focus on specific action items. Lastly, the paper addresses whether cybersecurity and journalists’ risk management practices provide individual journalists with a comprehensive process to address their digital risks.
Samantha Phillips, Malte Hansen, Amukelani Matsilele
A Diary Study to Understand Young Saudi Adult Users’ Experiences of Online Security Threats
Abstract
An online diary study was conducted to investigate the experience of online security threats among Saudi young adults. Over a period of 30 days, 16 participants were asked to record up to three threats they received from online sources on any of their devices. 58 threats were received, and 98 cues were reported in detecting the threats. The Phish Scale proved useful to categorise the detection cues, but needed expansion, largely due to the proliferation of threat types, which can come through many online channels including SMS, WhatsApp and online voice channels. The majority of threats were phishing, with general email phishing and target email phishing (spear phishing) being the most common types. The cues most commonly used to detect threats were those related to language and content of the threat, technical indicators such as the lack of a sender name or email or a suspicious or hidden link to follow, and tactics such as posing as a business or making an offer “too good to be true”.
Najla Aldaraani, Helen Petrie, Siamak F. Shahandashti
Investigating the Factors Influencing Individuals’ Self-sovereign Identity Adoption Intentions
Abstract
This study aimed to explore the factors that influence the adoption intentions of self-sovereign identity (SSI) in South Africa and to assess individuals’ current knowledge of SSI technology. Utilizing an adapted model from the value-based adoption model (VAM) and protection motivation theory (PMT), the research examined user-centric factors such as perceived benefit (user experience) and perceived sacrifice and perceived threats (privacy and security threats). Data was collected quantitatively from 300 participants residing in South Africa, using a survey. The survey incorporated a use case involving SSI’s application in the Know Your Customer (KYC) banking process to provide research participants with a defined context in which SSI could be understood. Analysis was conducted using SPSS and SmartPLS software. The study results found that South African individuals are more knowledgeable about SSI than originally anticipated despite its lack of market adoption. Furthermore, it was found that perceived enjoyment and usefulness significantly influence SSI adoption intention. The data suggests that individuals greatly value the benefits of the SSI-based service, which implies a possible demand for the technology. On average, individuals perceive the SSI-based authentication service in the banking sector as both enjoyable and useful, with minimal perceived costs or technicality involved. This suggests that an overall positive user experience can be achieved in digital authentication using self-sovereign identity.
James Clark, Zainab Ruhwanya
“There is a Damn Hello on the Social Media!” Insights into Public Risk Communication in the Digital Age
Abstract
The ability to handle threats, such as disinformation, manipulation of public opinion, and disruption of critical supplies, is becoming increasingly important, thus, necessitating, among other strategies, efforts to establish a proper risk communication to the public. This paper addresses the need for more empirical research in this area to contribute to the development of an in-depth understanding of public risk communication that includes information-related threats and cyber issues. The study involves officials of three public organizations entrusted with safety and security in society: the police, the rescue service, and the county administrative board of a county in the middle of Sweden. The results detail the recognition of risks to be communicated, the organization of the communication process, the messages that these actors seek to bring forth, and to whom as well as challenges of public risk communication in the digital era. The findings indicate that information-related and cyber risks are increasingly essential to consider as an additional layer of public communication. Two implications emerged as particularly important: (1) all communication about risks and crises must consider the systemic risk of mis- and disinformation, and (2) tailored communication about the risks interrelated with disinformation should use human-centered, dialogue-based, and moderated approaches. Further research can focus on associated challenges, considering the distribution of responsibilities, inter-organizational information sharing and cooperation, and the possibly stochastic effects on critical (information) infrastructures and, ultimately, societal values.
Christine Große
A Profile-Based Cyber Security Readiness Assessment Framework at Country Level
Abstract
Continuous improvements to national cybersecurity policies are necessary due to the rapidly evolving cyber threat landscape, growing reliance on information and communication technologies (ICTs), and the prevalence of digital dangers. The process of evaluating cybersecurity maturity is becoming more and more crucial in the dynamic digital environment. Governments can do a thorough assessment of a nation's cybersecurity capabilities by using a cybersecurity maturity model. This allows them to pinpoint areas of weakness and offer specific recommendations for strengthening cybersecurity capabilities. These assessments serve as a standard for illustrating a country's readiness for cyberattacks (where cyber readiness refers to the organisation’s ability to identify, prevent and respond to cyber threats). However, the results of these maturity assessment models are not sufficient for creating national cyber security policies since they are overly generalised and deficient in the evaluation of present capabilities. The focus of this study is to propose a model that takes into consideration multiple factors having greater relevance to national cyber security strategies. This model introduces a profiling approach that carefully evaluates the country's readiness based on the current state of the cyber security initiatives taken at the national level. The key areas considered in the evaluation include threat landscape, overall cyber security posture, initiatives, legal frameworks, infrastructure support, collaborations, capacity, and workforce-building initiatives. To find the utilisation of the novel profiling approach, we have applied it to four selected countries that are recognised as potential targets for threats due to their growing internet population and connectivity. 
Our research outcome reveals that the profiling techniques reflect the current state of readiness at the national and organisational level to a greater extent and are more optimised for cyber maturity assessment.
Raymond Agyemang, Steven Furnell, Tim Muller
To Risk Analyse, or Not to Risk Analyse: That’s the Question
Abstract
Risk analysis is a key activity for organisations that are looking to protect their valuable information assets against threats, such as malicious actors. It is one of the essential parts of risk management and is used to justify and prioritise what assets require the attention of which potential security controls. Risk management, and more specifically, risk analysis, is an activity that should be performed continuously. However, recent studies indicate that this is not always the case. As such, this paper investigates risk analysis as it is performed in practice in different Swedish public sector organisations. The results are based on semi-structured interviews with 17 senior security experts, an analysis of standards, and a national method support aiming to fill the gap between standard and practice. The results are presented in three themes: how, when and why risk analysis is performed. Of note, we identify that there is an issue of overlooking specific assets or systems when establishing an organisational-wide risk profile and a general recognition of the necessity for risk analysis, albeit not always in alignment with a classic risk analysis.
Erik Bergström, Simon Andersson, Martin Lundgren
Information Security and Privacy Challenges Related to Personal eHealth Services - A Literature Review
Abstract
The study aimed to identify information security and privacy challenges concerning Personal eHealth Services (PeHS) via a systematic literature review. The result shows that there are several challenges to consider. In total, 8 themes of challenges were identified. Some examples of challenges are access control, patient trust, collaboration between multiple parties and the need for more knowledge. Further, to deal with the challenges, there is a need to improve governance and management of information security and privacy at the regional and national levels to include new services such as PeHS. Regardless of whether the patient information goes via the intra/inter-organizational e-health services or the Patient eHealth Services, the information is part of the patient's total information flow and must be included as a prominent part of healthcare's information security and privacy work to gain patient-centred and transparent care.
Emelie Mannebäck, Rose-Mharie Åhlfeldt
Information Security Management in Digitized Identity Systems
The Case of the Ghanaian National Identification Authority (NIA)
Abstract
The shift towards digitized identities and electronic ID cards presents significant information security management challenges for identity organisations like the NIA. The transition from securing paper records to electronic records and digital assets, such as citizen biometrics, is critical due to the potential implications of security issues on transactions requiring citizen identification and the protection of citizens’ privacy.
Our study, based on interviews with nine current and former senior managers of the NIA, reveals that the NIA faces unique challenges due to its nature as a public sector organisation and the political context within which it operates. These challenges include taking a holistic view of information security, instilling an information security culture, developing comprehensive information security policies, and ensuring policy compliance. Additionally, the NIA struggles with aligning its information security policies with relevant legislation, managing relationships with other government stakeholders and private sector organisations, and operating within government constraints. These challenges have significant implications for the NIA and other identity organisations facing similar issues.
Understanding and addressing these challenges can enhance information security management, safeguard digital assets, and ensure citizen privacy. However, these challenges occur in a context where management continuity is difficult due to political appointments and interference. These challenges are not unique to the NIA, as identity organisations in other developing countries face similar issues. Further research is needed to best address these challenges and ensure secure digitised identification.
Salim Awudu, Sotirios Terzis
Assessing Cyber Security Support for Small and Medium-Sized Enterprises
Abstract
Small and Medium-Sized Enterprises (SMEs) share many of the same cyber security needs and challenges as larger organisations, but often have significantly less knowledge and capability to deal with them. One of the fundamental issues can be where to find information in the first instance, to explain the nature of cyber threats and the subsequent actions that SMEs should be taking. In many cases, the natural route for interested or concerned SMEs is to seek and refer to related guidance that can be found online. However, this in itself can be a challenge considering the volume and variety of sources that can be located as a consequence. This paper investigates and analyses the situation, based upon a sample of over 30 UK-based guidance sources, and an assessment of their coverage, completeness and clarity. The results reveal that there is indeed a significant diversity in the materials that SMEs may be presented with, and this in turn could lead to inconsistent and potentially ill-informed decision-making. Additionally, in many cases, there will be a limit to how far the online support will take them, with the potential that questions remain unresolved, and SMEs could be more confused as a result of their efforts.
Neeshe Khan, Steven Furnell, Maria Bada, Jason R. C. Nurse, Matthew Rand

Social Engineering

Frontmatter
A Systematic Task and Knowledge-Based Process to Tune Cybersecurity Training to User Learning Groups: Application to Email Phishing Attacks
Abstract
Cybersecurity training is one of the most important countermeasures to address cybersecurity threats and their reported increase in terms of types and occurrences. Several approaches addressing the development of cybersecurity training have been proposed but a careful analysis of these approaches highlighted limitations both in terms of identification of required knowledge, skills, in terms of description of users’ tasks (the job they have to perform) as well as in terms of adaptation of the training to diverse user groups. This paper proposes a systematic process to tune cybersecurity training for diverse user groups, and in particular to support the development of cybersecurity training programs for different learning groups (built from the analysis of the diverse user groups). We illustrate this process on the concrete case of phishing attacks.
Nathan Monsoro, Célia Martinie, Philippe Palanque, Théo Saubanère
Defining Measures of Effect for Disinformation Attacks
Abstract
This study proposes three measures for assessing the survival of beliefs in a population subjected to a disinformation attack. The intent of these three measures was to simplify the task of assessing damage effects arising from disinformation attacks, and provide a means for comparing the relative effectiveness of alternate defensive or damage mitigation strategies. To define these measures and to bound the measures problem, disinformation attacks are characterised, disinformation effects and propagation behaviours are surveyed and summarised. Nine attributes are identified spanning scalability relative to a population and disinformation attack, propagation media independence, target attributes, media propagation attributes, effects of uncertainty, use of established models, probabilistic measures, and measurement methods. The three proposed measures were critically assessed against these nine desirable attributes. The three proposed measures are capable of capturing the aggregated effects of a disinformation attack, exposure effects produced by propagation through channels such as digital media, and the direct effects against the individuals or population being subjected to an attack. The separation of exposure and cognitive effects makes these measures suitable for use in defensive or damage mitigation strategies that include measures against disinformation propagation, and measures to increase individual or population resistance to disinformation.
Carlo Kopp
Phish and Tips:
Phishing Awareness and Education for Older Adults
Abstract
Older adults are particularly vulnerable to phishing attacks. Gamification has been shown to be less effective to develop confidence in distinguishing between genuine and phishing emails in this demographic. To overcome this, we present our novel, open source interactive training platform, Phish&Tips, based on a simulated inbox. Our multi-analysis approach provides comprehensive data that enables us to compare participants’ self-assessed competence with their performance on the training platform. We present results based on pre- and post-training surveys, focus groups and the analysis of the training platform data (\(N=37\)). Over half the participants demonstrated an improved understanding of various detection strategies and an increase in confidence in being able to interpret emails. However, these results were not evident in the analysis of the platform data. This disparity between participants’ perceived knowledge and their performance on the platform highlights the challenges of applying their knowledge effectively.
Stella Kazamia, Chris Culnane, Daniel Gardham, Suzanne Prior, Helen Treharne

Open Access

Literature Review: Misconceptions About Phishing
Abstract
Phishing is a danger to both private users and businesses. Industry and academia have proposed several approaches to deal with this threat, many of which developed with a supposedly human-centric design. Yet, to our knowledge, there is no research focused on the misconceptions that users might have on phishing. This glaring gap is a problem, as previous research has shown that not engaging with the mental model of users can lead to lack of effectiveness of an approach in the real world. To address this gap, we conducted a systematic literature review starting from papers published at CHI in the last ten years, and expanding to other venues through a backward and a forward search based on the initial relevant CHI papers. We identified 15 misconceptions about phishing in 21 papers that researchers should address in their solutions to enhance the effectiveness of their approaches.
Mattia Mossano, Melanie Volkamer

Technical Attacks and Defenses

Frontmatter
Linux Kernel Keyloggers and Information Security
Abstract
This research paper aims to build and explore a Linux kernel module capable of logging keystrokes that a user would make on a Linux-based system. The module captures credentials which is a process known as keylogging. The kernel of the operating system manages all resources and data, and a breach in this area is a serious information security risk. This paper provides substantial evidence that kernel-level keyloggers are a very serious risk to information security in operating systems and computer systems in general. Such keyloggers can log user information, such as passwords, usernames and other information without much of the user’s knowledge.
Louis Hassett, Daniel Ogwok
The Perceived Barriers to the Adoption of Blockchain in Addressing Cybersecurity Concerns in the Financial Services Industry
Abstract
The financial services industry has witnessed a notable surge in cyber-related crimes, necessitating the adoption of more robust cybersecurity measures. Current literature has identified that the adoption of blockchain can enhance the efficiency and integrity of cybersecurity mechanisms. Despite blockchain’s acknowledged cybersecurity capabilities in existing literature, the adoption rate of blockchain in the South African financial services industry has been relatively slow due to barriers associated with adopting a novel technology. This study interviewed 11 financial technology experts to gain insights into the perceived barriers to the adoption of blockchain technology to address cybersecurity concerns in the South African financial services industry. This research followed a deductive approach by combining constructs from the Innovation Resistance Theory and Technology-Organisation Framework to investigate the perceived barriers to the adoption of blockchain in addressing cybersecurity concerns in the financial services industry. The findings revealed that the adoption of blockchain in addressing cybersecurity in the South African financial services industry is influenced by the four main barriers: functional organisational-level, functional industry-level, psychological organisation-level, and psychological industry-level barriers. The functional barriers were influenced by the perceived value barrier, risk barrier, usage barrier, technology barrier, and regulatory environment barrier. The psychological barriers affecting blockchain adoption were influenced by the perceived image barrier and tradition barrier. Two additional barriers were found to inhibit the adoption of blockchain in addressing cybersecurity, namely, the use case barrier as a functional industry-level barrier and the knowledge barrier as a psychological organisation barrier.
J. Scott-King, Zainab Ruhwanya
An Interdisciplinary Thematic Analysis of the US National Guard Bureau Response to the SolarWinds Attack
Abstract
The SolarWinds attack of 2020 was one of the most impactful cyberattacks on the US. Our interdisciplinary research team had the opportunity to observe and analyze the human aspects of the corresponding incident response as it unfolded. Four main themes were identified through a series of interviews and incident observations. This led to an understanding of the importance of establishing the following for highly effective and efficient incident response teams: 1) a portfolio of tools for increasing communication, collaboration, comfort level, and cohesion, 2) a team with diverse education, training, and experience, especially military leadership experience, and 3) teams with long established relationships to achieve high levels of trust, cohesion, and resilience. Ultimately, this analysis resulted in recommendations for further enhancing teams operating at this scale and intensity.
Tristen Amador, Roberta Mancuso, Steven Fulton, Erik Moore, Daniel Likarish
Research Agenda for Speaker Authentication
Abstract
In this study, we thoroughly examined every component of speaker authentication, analyzing the input, process, and output phases to identify flaws and new threats. Our investigation is organized around specific research topics that aim to effectively address and minimize the identified dangers. By methodically exploring each component of the speaker authentication process, we not only identify possible issues but also recommend proactive methods to protect these systems from unauthorized access. Our research questions act as significant probes, allowing for a deeper knowledge of the underlying difficulties and leading to the creation of tailored authentication solutions. This study goes beyond theoretical analysis and provides practical insights and strategic recommendations for improving the security and reliability of speaker authentication systems in a variety of sectors, including cybersecurity and forensic analysis. We highlight the interrelated nature of the input, process, and output stages, emphasizing the importance of remaining vigilant in the face of emerging security risks. Our goal is to provide the necessary knowledge and tools to effectively handle the complexities of speaker authentication in the changing digital world. This work establishes a solid foundation for the development of safe and durable speaker authentication methods.
Ebenhaeser Janse van Rensburg, Reinhardt A. Botha, Bertram Haskins

Usable Security

Frontmatter
A Unified Privacy and Permission Management Framework
Abstract
The increase in online services and digital channels has led to a large accumulation of user data, thus compromising data privacy. Researchers in the field of cybersecurity are seeking guidelines and solutions to protect user privacy as data processing by service providers becomes more extensive. Ensuring user privacy is the key to data protection, and providing users with the means to control their data remains the most effective method. To address the current complexity and proliferation of privacy settings, the authors developed the Unified Privacy and Permission Management Framework. This is a user-centric approach that simplifies the decision-making process and enhances the usability of privacy controls. It is built upon empirical insights and open-ended questions to understand users’ knowledge, perceptions and behaviours. The framework empowers users by presenting a streamlined, intuitive interface that facilitates informed decision-making and provides meta-level settings. This paper provides an example of how it can be applied in real-world scenarios to enhance user experience. The framework enables informed decision-making by providing a simple and intuitive interface that simplifies the complexity of privacy settings. Through this scenario, we illustrate the significant benefits users can experience, highlighting the framework’s potential to transform privacy management in the era of smart devices.
Nourah Alshomrani, Steven Furnell, Helena Webb
Understanding Users’ Mental Models of Federated Identity Management (FIM): Use of a New Tangible Elicitation Method
Abstract
The number of passwords users require to interact with online accounts continues to grow, as the services they interact with online become more and more common. Federated Identity Management (FIM) offers an easy option for users to authenticate themselves to many accounts using just one password from an Identity Provider such as Facebook or Google. Previous research has shown that users are reluctant to use such systems and have inaccurate mental models of how they work, but much of the research is now over a decade old. An initial exploratory study with 12 users asked them to create a mental model of a particular concrete FIM scenario, using a new tangible elicitation method involving felt icons and a flocked board, based on the Fuzzy-Felt toy for young children. It was found that almost all participants had inaccurate mental models of FIM which may lead to hesitancy to use such systems: they believe much more information is passed to the website they wish to login to and they misunderstand the route taken by the information that is passed between their browser, the Identity Provider and the target website. The implications of these results and the new method of eliciting mental models are discussed.
Helen Petrie, Gayathri Sreekumar, Siamak Shahandashti
Multi-factor Authentication Adoption: A Comparison Between Digital Natives and Digital Immigrants in Sweden
Abstract
Multi-Factor Authentication (MFA) is commonly suggested as a good mechanism to overcome inherent security problems with the use of passwords. However, research suggests that MFA has so far failed to attract enough interest from users. Additionally, older users seem to be even more reluctant to use MFA. In Sweden, users are more or less required to use MFA to use services such as online banking, book doctors’ appointments online, and complete tax reports online. As such, Sweden is an interesting case for studying MFA adoption. This paper reports on mixed-methods research investigating how Swedish users in different age groups compare with respect to the adoption of MFA. The results suggest that users of different ages are willing to adopt MFA when it is required for services they want or need to use. However, younger users appear to be more prone to voluntarily adopt MFA.
Joakim Kävrestad, Richard Fernow, David Lööf, Marcus Birath
Discerning Challenges of Security Information and Event Management (SIEM) Systems in Large Organizations
Abstract
Security Information and Event Management (SIEM) systems are essential for security experts in various daily tasks such as monitoring, anomaly detection, forensics, identifying indicators of compromises, threat hunting, and incident handling. Although many different SIEM systems are being used in large organizations, there needs to be more understanding of the existing challenges of SIEM systems from a human-centric cybersecurity perspective. The present study explores those challenges following a qualitative research approach utilizing the Delphi technique. Two rounds of interviews were conducted with twelve security experts in multiple large organizations. The experts expressed the challenges in the first round, exploring various components of user, usage, and usability of SIEM systems. Then, the challenges were divided into thirteen main categories based on the consensus level. In the second round, the experts validated and ranked the categories. Results show that the most significant challenges are related to usage, followed by usability and user components.
Patrick Shirazi, Ali Padyab
Assessing the Cybersecurity Needs and Experiences of Disabled Users
Abstract
Digital technology is incredibly crucial in today’s world. The use of technology is considered a right for both able and disabled users. Accessibility and security are two important concepts in the technology context. Accessibility refers to the level to which a product or service is designed to be utilized by people with disabilities, while security focuses on protecting a product or service from threats and harm. Accessible security refers to the practice of ensuring that digital products and services are not only secure but also accessible to everyone, including people with disabilities. Numerous studies have been conducted on the usage of technologies among people with disabilities. However, little research has been undertaken on accessible cybersecurity. Understanding encounters of disabled individuals with cybersecurity challenges can help develop more accessible and secure technologies and improve user experience. The first step to improving the accessibility of cybersecurity safeguards for users with disabilities is assessing their attitudes and needs. The aim of the study is to explore the cybersecurity attitude, behavior and awareness of people with various types of disability. The survey was used to determine the most significant gap for people with disabilities in the accessible cybersecurity context to help them better handle and understand cyber threats in their everyday lives. The survey findings point out that having cybersecurity awareness does not always result in preventing security breaches. There is a gap between theoretical knowledge and practical application. There is a notable concern regarding insufficient technological safeguards. Recommendations are included for software developers to create a more accessible and secure digital environment.
Arwa Binsedeeq, Steven Furnell, Kirsi Helkala, Naomi Woods, Darren Chadwick, Chris Fullwood, Xavier Carpent, Nicolas Gervassis
Backmatter
Metadata
Title
Human Aspects of Information Security and Assurance
Editors
Nathan Clarke
Steven Furnell
Copyright Year
2025
Electronic ISBN
978-3-031-72559-3
Print ISBN
978-3-031-72558-6
DOI
https://doi.org/10.1007/978-3-031-72559-3
