Browsing by Author "Ashenden, Debi"
Now showing 1 - 5 of 5
Results Per Page
Sort Options
Item Open Access Design thinking for cyber deception(The University of Hawaiʻi at Mānoa, 2021-01-05) Ashenden, Debi; Black, Rob; Reid, Iain; Henderson, SimonCyber deception tools are increasingly sophisticated but rely on a limited set of deception techniques. In current deployments of cyber deception, the network infrastructure between the defender and attacker comprises the defence/attack surface. For cyber deception tools and techniques to evolve further they must address the wider attack surface; from the network through to the physical and cognitive space. One way of achieving this is by fusing deception techniques from the physical and cognitive space with the technology development process. In this paper we trial design thinking as a way of delivering this fused approach. We detail the results from a design thinking workshop conducted using deception experts from different fields. The workshop outputs include a critical analysis of design provocations for cyber deception and a journey map detailing considerations for operationalising cyber deception scenarios that fuse deception techniques from other contexts. We conclude with recommendations for future research.Item Open Access Effective online privacy mechanisms with persuasive communication(2016-08-10) Coopamootoo, P L; Ashenden, DebiThis thesis contributes to research by taking a social psychological perspective to managing privacy online. The thesis proposes to support the effort to form a mental model that is required to evaluate a context with regards to privacy attitudes or to ease the effort by biasing activation of privacy attitudes. Privacy being a behavioural concept, the human-computer interaction design plays a major role in supporting and contributing to end users’ ability to manage their privacy online. However, unless privacy attitudes are activated or made accessible, end users’ behaviour would not necessarily match their attitudes. This perspective contributes to explaining why online privacy mechanisms have long been found to be in-effective. Privacy academics and practitioners are queried for their opinions on aspects of usable privacy designs. Evaluation of existing privacy mechanisms (social network service, internet browsers privacy tabs and E-Commerce websites) for privacy experts’ requirements reveals that the privacy mechanisms do not provide for the social psychological processes of privacy management. This is determined through communication breakdowns within the interaction design and the lack of privacy disclosure dialectical tension, lack of disclosure context and visibility of privacy means. The thesis taps into established research in social psychology related to the attitude behaviour relationship. It proposes persuasive communication to support the privacy management process that is to enable end user control of their privacy while ensuring typical usability criteria such as minimum effort and ease of use. An experimental user study within an E-Commerce context provides evidence that in the presence of persuasive triggers that support the disclosure and privacy dialectic within a context of disclosure; end users can engage in privacy behaviour that match their privacy concerns. Reminders for privacy actions with a message that is personally relevant or has a privacy argument result in significantly more privacy behaviour than a simple reminder. However, reminders with an attractive source that is not linked with privacy can distract end users from privacy behaviour such that the observed response is similar to the simple reminder. This finding is significant for the research space since it supports the use of persuasive communication within human-computer interaction of privacy designs as a powerful tool in enabling attitude activation and accessibility such that cognitive evaluation of an attitude object can be unleashed and end users can have a higher likelihood of responding with privacy behaviour. It also supports the view that privacy designs that do not consider their interaction with privacy attitudes or their influence on behaviour can turn out to be in-effective although found to support the typical usability criteria. More research into the social-psychological aspects of online privacy management would be beneficial to the research space. Further research could determine the strength of activated or accessed privacy attitude caused by particular persuasive triggers and the extent of privacy behaviour. Longitudinal studies could also be useful to better understand online privacy behaviour and help designs of more effective and usable online privacy.Item Open Access Information Security management: A human challenge?(Elsevier, 2008-11) Ashenden, DebiThis paper considers to what extent the management of Information Security is a human challenge. It suggests that the human challenge lies in accepting that individuals in the organisation have not only an identity conferred by their role but also a personal and social identity that they bring with them to work. The challenge that faces organisations is to manage this while trying to achieve the optimum configuration of resources in order to meet business objectives. The paper considers the challenges for Information Security from an organisational perspective and develops an argument that builds on research from the fields of management and organisational behaviour. It concludes that the human challenge of Information Security management has largely been neglected and suggests that to address the issue we need to look at the skills needed to change organisational culture, the identity of the Information Security Manager and effective communication between Information Security Managers, end users and Senior Managers.Item Open Access Security dialogues: building better relationships between security and business(2016-08-09) Ashenden, Debi; Lawrence, DarrenIn the real world, there's often a discrepancy between an organization's mandated security processes and what actually happens. The social practice of security flourishes in the space between and around formal organizational security processes. By recognizing the value of risk management as a communication tool, security practitioners can tap opportunities to improve the security dialogue with staff.Item Open Access Your employees: the front line in cyber security(2016-05-27) Ashenden, DebiWith cyberattacks set to rise, it’s important that we empower employees to defend our front line.