Biblio

Cybersecurity is a growing concern for private individuals and professional entities. Thereby, reports have shown that the majority of cybersecurity incidents occur because users fail to behave securely. Research on human cybersecurity (HCS) behavior suggests that time pressure is one of the important driving factors behind insecure HCS behavior. However, as our review reveals, studies on the role of time pressure in HCS are scant and there is no framework that can inform researchers and practitioners on this matter. In this paper, we present a conceptual framework consisting of contexts, psychological constructs, and boundary conditions pertaining to the role time pressure plays on HCS behavior. The framework is also validated and extended by findings from semi-structured interviews of different stakeholder groups comprising of cybersecurity experts, professionals, and general users. The framework will serve as a guideline for future studies exploring different aspects of time pressure in cybersecurity contexts and also to identify potential countermeasures for the detrimental impact of time pressure on HCS behavior.

Currently, the guidelines for business entities to collect and use consumer information from online sources is guided by the Fair Information Practice Principles set forth by the Federal Trade Commission in the United States. These guidelines are inadequate, outdated, and provide little protection for consumers. Moreover, there are many techniques to anonymize the stored data that was collected by large companies and governments. However, what does not exist is a framework that is capable of evaluating and scoring the effects of this information in the event of a data breach. In this work, a framework for scoring and evaluating the vulnerability of private data is presented. This framework is created to be used in parallel with currently adopted frameworks that are used to score and evaluate other areas of deficiencies within the software, including CVSS and CWSS. It is dubbed the Privacy Assessment Vulnerability Scoring System (PAVSS) and quantifies the privacy-breach vulnerability an individual takes on when using an online platform. This framework is based on a set of hypotheses about user behavior, inherent properties of an online platform, and the usefulness of available data in performing a cyber attack. The weight each of these metrics has within our model is determined by surveying cybersecurity experts. Finally, we test the validity of our user-behavior based hypotheses, and indirectly our model by analyzing user posts from a large twitter data set.