  • 1.
    Cervantes Mori, Milagros D.
    et al.
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Kävrestad, Joakim
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Nohlberg, Marcus
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Success factors and challenges in digital forensics for law enforcement in Sweden
    2021. In: Proceedings of the 7th International Workshop on Socio-Technical Perspective in IS Development (STPIS 2021): Virtual conference in Trento, Italy, October 11-12, 2021 / [ed] Peter Bednar; Alexander Nolte; Mikko Rajanen; Anna Sigridur Islind; Helena Vallo Hult; Fatema Zaghloul; Aurelio Ravarini; Alessio Maria Braccini, CEUR-WS, 2021, p. 100-116
    Conference paper (Refereed)
    Abstract [en]

    The widespread use of communication and digital technology has affected the number of devices requiring analysis in criminal investigations. Additionally, the increase in storage volume, the diversity of digital devices, and the use of cloud environments introduce more complexities to the digital forensic domain. This work aims to supply a taxonomy of the main challenges and success factors faced in the digital forensic domain in law enforcement. The chosen method for this research is a systematic literature review of studies with topics related to success factors and challenges in digital forensics for law enforcement. The candidate studies were 1,428 peer-reviewed scientific articles published between 2015 and 2021. A total of twenty-eight primary studies were analyzed by applying thematic coding. Furthermore, a survey of digital forensic practitioners from the Swedish Police was held to triangulate the results achieved with the systematic literature review. 

  • 2.
    Holgersson, Jesper
    et al.
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Kävrestad, Joakim
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Nohlberg, Marcus
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Cybersecurity and Digital Exclusion of Seniors: What Do They Fear?
    2021. In: Human Aspects of Information Security and Assurance: 15th IFIP WG 11.12 International Symposium, HAISA 2021, Virtual Event, July 7–9, 2021, Proceedings / [ed] Steven Furnell; Nathan Clarke, Cham: Springer, 2021, p. 12-21
    Conference paper (Refereed)
    Abstract [en]

    The rapid development of digitalization has led to a more or less endless variety of ways for individuals to communicate and interact with the outside world. However, in order to take advantage of all the benefits of digitalization, individuals need to have the necessary skills. Seniors represent a group that, compared to other groups, lives in a digital exclusion to an excessive extent, mainly due to the fact that they lack the necessary knowledge to use digital technology and digital services. Based on empirical data collected from seniors partaking in digital training, we have analyzed their perceptions of why they and other seniors are digitally excluded. Our findings point out that a major barrier for seniors to be more digitally included is different variants of fear of using digital technology and digital services. The common denominator can be traced down the possibilities to be exposed to frauds, scams, viruses, and faulty handling, which in turn cause undesired consequences. Consequently, we propose a research agenda where digital training and digital inclusion measurements should be studied side by side with cybersecurity behavior. Thus, making cybersecurity a fundamental part of digital inclusion has the potential to minimize the fears identified in this research as inhibitors to technology adoption.

  • 3.
    Kävrestad, Joakim
    et al.
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Eriksson, Fredrik
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Nohlberg, Marcus
    Högskolan i Skövde, Institutionen för informationsteknologi.
    The Development of a Password Classification Model
    2018. In: Journal of Information System Security, ISSN 1551-0123, E-ISSN 1551-0808, Vol. 14, no 1, p. 31-46
    Article in journal (Refereed)
    Abstract [en]

    In order to ensure that we are the only ones that can access our data, we use authentication to secure our computers and different online accounts. Passwords remain the most common type of authentication, even if there are several different ways to authenticate, including biometrics and tokens. With this study we aim to reveal and collect the different strategies that users are using when designing their passwords. To achieve this, a model was developed using interactive interviews with computer forensic experts. The model was then applied on 5,000 passwords gathered from 50 different password databases that had leaked to the Internet. The result is a model that can be used to classify passwords based on the strategy used to create them. As such, the results of this study increase the understanding of passwords and they can be used as a tool in education and training, as well as in future research.

  • 4.
    Kävrestad, Joakim
    et al.
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Eriksson, Fredrik
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Nohlberg, Marcus
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Understanding passwords – a taxonomy of password creation strategies
    2019. In: Information and Computer Security, E-ISSN 2056-4961, Vol. 27, no 3, p. 453-467
    Article in journal (Refereed)
    Abstract [en]

    Purpose: Using authentication to secure data and accounts has grown to be a natural part of computing. Even if several authentication methods are in existence, using passwords remains the most common type of authentication. As long and complex passwords are encouraged by research studies and practitioners alike, computer users design passwords using strategies that enable them to remember their passwords. This paper aims to present a taxonomy of those password creation strategies in the form of a model describing various strategies used to create passwords. Design/methodology/approach: The study was conducted in a three-step process beginning with a short survey among forensic experts within the Swedish police. The model was then developed by a series of iterative semi-structured interviews with forensic experts. In the third and final step, the model was validated on 5,000 passwords gathered from 50 different password databases that have leaked to the internet. Findings: The result of this study is a taxonomy of password creation strategies presented as a model that describes the strategies as properties that a password can hold. Any given password can be classified as holding one or more of the properties outlined in the model. Originality/value: On an abstract level, this study provides insight into password creation strategies. As such, the model can be used as a tool for research and education. It can also be used by practitioners in, for instance, penetration testing to map the most used password creation strategies in a domain or by forensic experts when designing dictionary attacks.

  • 5.
    Kävrestad, Joakim
    et al.
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Friman, Evelina
    Högskolan i Skövde, Forskningsmiljön Informationsteknologi.
    Bohlander, Joacim
    Högskolan i Skövde, Forskningsmiljön Informationsteknologi.
    Nohlberg, Marcus
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Can Johnny actually like security training?
    2020. In: Proceedings of the 6th International Workshop on Socio-Technical Perspective in IS Development (STPIS 2020): Virtual conference in Grenoble, France, June 8-9, 2020 / [ed] Peter Bednar, Alexander Nolte, Mikko Rajanen, Helena Vallo Hult, Anna Sigridur Islind, Federico Pigni, CEUR-WS, 2020, p. 76-83
    Conference paper (Refereed)
    Abstract [en]

    Information security is a socio-technical property where a lot of traditional effort has been placed in the technical domain. Security has been seen as a technical challenge and the solutions have been technical. However, it is well known that human behavior plays a key role in information security and the user is often seen as the weakest link in the security chain. As such, information security is a socio-technical property where the social, or human, side needs increased attention. Security training is commonly suggested as the way to improve user behavior but the effects of various training efforts are also under-researched. This paper demonstrates how ContextBased MicroTraining (CBMT) can be implemented and performs a usability evaluation of that implementation. CBMT is a method for information security training which has been developed over years of research. The paper demonstrates that the CBMT method can aid in the development of highly usable security training. The paper also emphasizes the need for user-centered design in development of security software intended for end-users.

  • 6.
    Kävrestad, Joakim
    et al.
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Furnell, Steven
    School of Computer Science, University of Nottingham, UK.
    Nohlberg, Marcus
    Högskolan i Skövde, Institutionen för informationsteknologi.
    User perception of Context-Based Micro-Training – a method for cybersecurity training
    2024. In: Information Security Journal, ISSN 1939-3555, E-ISSN 1939-3547, Vol. 33, no 2, p. 121-137
    Article in journal (Refereed)
    Abstract [en]

    User behavior is one of the biggest challenges to cybersecurity in modern organizations. Users are continuously targeted by attackers and required to have sufficient knowledge to spot and avoid such attacks. Different training methods are suggested and used in the industry to support users to behave securely. The challenge remains, and improved methods for end-user cybersecurity training are needed. This paper introduces and evaluates user perception of a method called Context-Based Micro-Training (CBMT). This approach suggests that training should be delivered in short sequences when the information is of direct relevance. The intention is to provide training directly related to the user’s current situation while also providing an awareness-increasing effect. This notion is tested in a survey-based evaluation involving 1,452 respondents from Sweden, Italy, and the UK, comparing the perception of CBMT against the experience of traditional approaches. The results emphasize that current methods are not effective enough and show that CBMT is perceived positively by respondents in all sample groups. The study further evaluated how demographic aspects impact the perception of CBMT and found that a diverse group of users can appreciate it.

  • 7.
    Kävrestad, Joakim
    et al.
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Furnell, Steven
    University of Nottingham, UK.
    Nohlberg, Marcus
    Högskolan i Skövde, Institutionen för informationsteknologi.
    What Parts of Usable Security Are Most Important to Users?
    2021. In: Information Security Education for Cyber Resilience: 14th IFIP WG 11.8 World Conference, WISE 2021, Virtual Event, June 22–24, 2021, Proceedings / [ed] Lynette Drevin; Natalia Miloslavskaya; Wai Sze Leung; Suné von Solms, Cham: Springer, 2021, p. 126-139
    Conference paper (Refereed)
    Abstract [en]

    The importance of the human aspects of cybersecurity cannot be overstated in light of the many cybersecurity incidents stemming from insecure user behavior. Users are supposed to engage in secure behavior by use of security features or procedures but those struggle to get widespread use and one hindering factor is usability. While several previous papers studied various usability factors in the cybersecurity domain, a common understanding of usable security is missing. Further, usability covers a large range of aspects and understanding what aspects users prioritize is integral for development of truly usable security features. This paper builds on previous work and investigates what usability factors users prioritize and what demographic factors affect the perception of usability factors. This is done through a survey answered by 1452 respondents from Sweden, Italy and the UK. The results show that users prefer security functions to minimize resource consumption in terms of cost, device performance and time. The study further demonstrates that users want security functions to require as little effort as possible and just work. Further, the study determines that nation of residence and IT-competence greatly impact the perception of usability for security functions while gender and age do so to a much lesser extent.

  • 8.
    Kävrestad, Joakim
    et al.
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Gellerstedt, Martin
    Högskolan i Skövde, Institutionen för hälsovetenskaper.
    Nohlberg, Marcus
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Rambusch, Jana
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Survey of Users’ Willingness to Adopt and Pay for Cybersecurity Training
    2022. In: Human Aspects of Information Security and Assurance: 16th IFIP WG 11.12 International Symposium, HAISA 2022, Mytilene, Lesbos, Greece, July 6–8, 2022, Proceedings / [ed] Nathan Clarke; Steven Furnell, Cham: Springer Nature Switzerland AG, 2022, p. 14-23
    Conference paper (Refereed)
    Abstract [en]

    The importance of user behaviour in the cybersecurity domain is widely acknowledged. Users face cyberthreats such as phishing and fraud daily, both at work and in their private use of technology. Using training interventions to improve users’ knowledge, awareness, and behaviour is a widely accepted approach to improving the security posture of users. Research into cybersecurity training has traditionally assumed that users are provided such training as members of an organization. However, users in their private capacity are expected to cater for their own security. This research addresses this gap with a survey where 1437 Swedish adults participated. Willingness to adopt and pay for different cybersecurity training types was measured. The included types were: training delivered to users in a context where the training is of direct relevance, eLearning and game-based training. The participants were most willing to adopt and pay for contextual training, while eLearning was the second most favoured training type. We also measured if willingness to pay and adopt cybersecurity training was impacted by the participant’s worry about various cyber threats. Surprisingly, no meaningful correlation was found, suggesting that something other than worry mediates willingness to adopt and pay for cybersecurity training.

  • 9.
    Kävrestad, Joakim
    et al.
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Hagberg, Allex
    Xenolith AB, Skövde, Sweden.
    Nohlberg, Marcus
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Rambusch, Jana
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Roos, Robert
    Xenolith AB, Skövde, Sweden.
    Furnell, Steven
    School of Computer Science, University of Nottingham, UK.
    Evaluation of Contextual and Game-Based Training for Phishing Detection
    2022. In: Future Internet, E-ISSN 1999-5903, Vol. 14, no 4
    Article in journal (Refereed)
    Abstract [en]

    Cybersecurity is a pressing matter, and a lot of the responsibility for cybersecurity is put on the individual user. The individual user is expected to engage in secure behavior by selecting good passwords, identifying malicious emails, and more. Typical support for users comes from Information Security Awareness Training (ISAT), which makes the effectiveness of ISAT a key cybersecurity issue. This paper presents an evaluation of how two promising methods for ISAT support users in achieving secure behavior using a simulated experiment with 41 participants. The methods were game-based training, where users learn by playing a game, and Context-Based Micro-Training (CBMT), where users are presented with short information in a situation where the information is of direct relevance. Participants were asked to identify phishing emails while their behavior was monitored using an eye-tracking technique. The research shows that both training methods can support users towards secure behavior and that CBMT does so to a higher degree than game-based training. The research further shows that most participants were susceptible to phishing, even after training, which suggests that training alone is insufficient to make users behave securely. Consequently, future research ideas, where training is combined with other support systems, are proposed.

  • 10.
    Kävrestad, Joakim
    et al.
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Hagberg, Allex
    Xenolith AB, Skövde, Sweden.
    Roos, Robert
    Xenolith AB, Skövde, Sweden.
    Rambusch, Jana
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Nohlberg, Marcus
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Usable Privacy and Security from the Perspective of Cognitive Abilities
    2022. In: Privacy and Identity Management. Between Data Protection and Security: 16th IFIP WG 9.2, 9.6/11.7, 11.6/SIG 9.2.2 International Summer School, Privacy and Identity 2021, Virtual Event, August 16–20, 2021, Revised Selected Papers / [ed] Michael Friedewald; Stephan Krenn; Ina Schiering; Stefan Schiffner, Springer, 2022, 1, p. 105-121
    Chapter in book (Refereed)
    Abstract [en]

    Privacy, Information, and Cybersecurity (PICS) are related properties that have become a concern for more or less everyone. A large portion of the responsibility for PICS is put on the end-user, who is expected to adopt PICS tools, guidelines, and features to stay secure and maintain organizational security. However, the literature describes that many users do not adopt PICS tools and a key reason seems to be usability. This study acknowledges that the usability of PICS tools is a crucial concern and seeks to problematize further by adding cognitive ability as a key usability aspect. We argue that a user’s cognitive abilities determine how the user perceives the usability of PICS tools and that usability guidelines should account for varying cognitive abilities held by different user groups. This paper presents a case study with focus on how cognitive disabilities can affect the usability of PICS tools. Interviews with users with cognitive disabilities as well as usability experts, and experts on cognitive disabilities were conducted. The results suggest that many of the usability factors are shared by all users, cognitive challenges or not. However, cognitive challenges often cause usability issues to be more severe. Based on the results, several design guidelines for the usability of PICS tools are suggested.

  • 11.
    Kävrestad, Joakim
    et al.
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Lennartsson, Markus
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Birath, Marcus
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Nohlberg, Marcus
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Constructing secure and memorable passwords
    2020. In: Information and Computer Security, E-ISSN 2056-4961, Vol. 28, no 5, p. 701-717
    Article in journal (Refereed)
    Abstract [en]

    Purpose: Using authentication to secure data and accounts has grown to be a natural part of computing. Even if several authentication methods are in existence, using passwords remains the most common type of authentication. As long and complex passwords are encouraged by research studies and practitioners alike, computer users design passwords using strategies that enable them to remember their passwords. This paper aims to find strategies that allow for the generation of passwords that are both memorable and computationally secure. Design/methodology/approach: The study began with a literature review that was used to identify cognitive password creation strategies that facilitate the creation of passwords that are easy to remember. Using an action-based approach, attack models were created for the resulting creation strategies. The attack models were then used to calculate the entropy for passwords created with different strategies and related to a theoretical cracking time. Findings: The result of this study suggests that using phrases with four or more words as passwords will generate passwords that are easy to remember and hard to attack. Originality/value: This paper considers passwords from a socio-technical approach and provides insight into how passwords that are easy to remember and hard to crack can be generated. The results can be directly used to create password guidelines and training material that enables users to create usable and secure passwords.

  • 12.
    Kävrestad, Joakim
    et al.
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Lindvall, David
    Skövde Municipality, Sweden.
    Nohlberg, Marcus
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Combating digital exclusion with cybersecurity training – an interview study with Swedish seniors
    2023. In: Human Aspects of Information Security and Assurance: 17th IFIP WG 11.12 International Symposium, HAISA 2023, Kent, UK, July 4–6, 2023, Proceedings / [ed] Steve Furnell; Nathan Clarke, Cham: Springer, 2023, p. 3-12
    Conference paper (Refereed)
    Abstract [en]

    While rapid digitalization is beneficial for a majority of all people, some people struggle to adopt digital technology. Not only do these persons miss the potential benefits of digitalization, but they are also suffering from the fact that many services are no longer provided in a non-digital way. Previous research suggests that a lack of security literacy and awareness is one driving factor behind the digital exclusion for senior citizens. To that end, this research focuses on cybersecurity training for seniors. Seniors are here defined as those aged above 65. Using interviews with eight seniors, this research evaluates the use of contextual training in this user group. The rationale is that contextual training has been found to have positive results in other user groups. The results suggest that contextual cybersecurity training can increase cybersecurity awareness for senior citizens and be appreciated by the users. The participants also confirm previous research describing that cybersecurity concerns are a driving factor behind digital exclusion and that contextual cybersecurity training can make seniors more comfortable adopting digital services.

  • 13.
    Kävrestad, Joakim
    et al.
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Marcus, Nohlberg
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Online Fraud Defence by Context Based Micro Training
    2015. In: Online Fraud Defence by Context Based Micro Training / [ed] Steven M. Furnell; Nathan L. Clarke, University of Plymouth Press, 2015, p. 256-264
    Conference paper (Refereed)
    Abstract [en]

    Online frauds are a category of Internet crime that has been increasing globally over the past years. Online fraudsters use a lot of different arenas and methods to commit their crimes and that is making defence against online fraudsters a difficult task. Today we see continuous warnings in the daily press and both researchers and governmental web-pages propose that Internet users gather knowledge about online frauds in order to avoid victimisation. In this paper we suggest a framework for presenting this knowledge to the Internet users when they are about to enter a situation where they need it. We provide an evaluation of the framework that indicates that it can both make users less prone to fraudulent ads and more trusting towards legitimate ads. This is done with a survey containing 117 participants over two groups where the participants were asked to rate the trustworthiness of fraudulent and legitimate ads. One group used the framework before the rating and the other group did not. The results showed that, in our study, the participants using the framework put less trust in fraudulent ads and more trust in legitimate ads.

  • 14.
    Kävrestad, Joakim
    et al.
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Nohlberg, Marcus
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Assisting Users to Create Stronger Passwords Using ContextBased MicroTraining
    2020. In: ICT Systems Security and Privacy Protection: 35th IFIP TC 11 International Conference, SEC 2020, Maribor, Slovenia, September 21–23, 2020, Proceedings / [ed] Marko Hölbl, Kai Rannenberg, Tatjana Welzer, Cham: Springer, 2020, p. 95-108
    Conference paper (Refereed)
    Abstract [en]

    In this paper, we describe and evaluate how the learning framework ContextBased MicroTraining (CBMT) can be used to assist users to create strong passwords. Rather than a technical enforcing measure, CBMT is a framework that provides information security training to users when they are in a situation where the training is directly relevant. The study is carried out in two steps. First, a survey is used to measure how well users understand password guidelines that are presented in different ways. The second part measures how using CBMT to present password guidelines affects the strength of the passwords created. This experiment was carried out by implementing CBMT at the account registration page of a local internet service provider and observing the results on user-created passwords. The results of the study show that users presented with password creation guidelines using a CBMT learning module do understand the password creation guidelines to a higher degree than other users. Further, the experiment shows that users presented with password guidelines in the form of a CBMT learning module do create passwords that are longer and more secure than other users. The assessment of password security was performed using the zxcvbn tool, developed by Dropbox, that measures password entropy.

  • 15.
    Kävrestad, Joakim
    et al.
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Nohlberg, Marcus
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Context-Based Micro-training
    2022. In: Encyclopedia of Cryptography, Security and Privacy / [ed] Sushil Jajodia; Pierangela Samarati; Moti Yung, Springer, 2022
    Chapter in book (Refereed)
  • 16.
    Kävrestad, Joakim
    et al.
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Nohlberg, Marcus
    Högskolan i Skövde, Institutionen för informationsteknologi.
    ContextBased MicroTraining: A Framework for Information Security Training
    2020. In: Human Aspects of Information Security and Assurance: 14th IFIP WG 11.12 International Symposium, HAISA 2020, Mytilene, Lesbos, Greece, July 8–10, 2020, Proceedings / [ed] Nathan Clarke, Steven Furnell, Cham: Springer, 2020, p. 71-81
    Conference paper (Refereed)
    Abstract [en]

    This paper addresses the emergent need for training measures designed to improve user behavior in regards to security. We do this by proposing a framework for information security training that has been developed for several years and over several projects. The result is the framework ContextBased MicroTraining (CBMT) which provides goals and guidelines for how to better implement information security training that supports the user in the situation where the user needs support. CBMT has been developed and tested for use in higher education as well as for the support of users during password creation. This paper presents version 1.0 of the framework with the latest refinements.

  • 17.
    Kävrestad, Joakim
    et al.
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Nohlberg, Marcus
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Defining and modelling the online fraud process
    2018. In: Proceedings of the twelfth International Symposium on Human Aspects of Information Security & Assurance: HAISA 2018 / [ed] Nathan L. Clarke; Steven M. Furnell, Plymouth: University of Plymouth Press, 2018, p. 203-213
    Conference paper (Refereed)
    Abstract [en]

    As we have become more and more active online so have online criminals. Looking at one type of Internet crime, online frauds, it is apparent that anyone can be targeted by a fraudster online. It has also been shown that online frauds keep increasing from year to year. It has even been estimated that one third of the adult population in America encounters online fraudsters, annually. In this paper we aimed to increase the knowledge about online frauds. We did this by producing a model that describes the process and aspects of an online fraud as well as a proposed definition of the term "online fraud". In this paper, we present the model and definition that we created and demonstrate their usefulness. The usefulness is demonstrated in our validation step, where we applied the definition to known online fraud schemes. We also conducted an interview in which the model was said to be useful in order to explain how an online fraud scheme was carried out, during a criminal prosecution. As such, that demonstrates that our model can be used to increase the understanding of online frauds.

  • 18.
    Kävrestad, Joakim
    et al.
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Nohlberg, Marcus
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Evaluation Strategies for Cybersecurity Training Methods: A Literature Review
    2021. In: Human Aspects of Information Security and Assurance: 15th IFIP WG 11.12 International Symposium, HAISA 2021, Virtual Event, July 7–9, 2021, Proceedings / [ed] Steven Furnell; Nathan Clarke, Cham: Springer, 2021, p. 102-112
    Conference paper (Refereed)
    Abstract [en]

    The human aspect of cybersecurity continues to present challenges to researchers and practitioners worldwide. While measures are being taken to improve the situation, a vast majority of security incidents can be attributed to user behavior. Security and Awareness Training (SAT) has been available for several decades and is commonly given as a suggestion for improving the cybersecurity behavior of end-users. However, attackers continue to exploit the human factor, suggesting that current SAT methods are not enough. Researchers argue that providing knowledge alone is not enough, and some researchers suggest that many currently used SAT methods are, in fact, not empirically evaluated. This paper aims to examine how SAT has been evaluated in recent research using a structured literature review. The result is an overview of evaluation methods which describes what results can be obtained using them. The study further suggests that SAT methods should be evaluated using a variety of methods since different methods will inevitably provide different results. The presented results can be used as a guide for future research projects seeking to develop or evaluate methods for SAT.

  • 19.
    Kävrestad, Joakim
    et al.
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Nohlberg, Marcus
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Using Context Based MicroTraining to Develop OER for the Benefit of All. 2019. In: Proceedings of the 15th International Symposium on Open Collaboration, OpenSym 2019, 20-22 August 2019, Skövde, Sweden, New York: ACM Digital Library, 2019, article id A7. Conference paper (Refereed)
    Abstract [en]

    This paper demonstrates how Context Based MicroTraining (CBMT) can be used to develop open educational resources in a way that benefits students enrolled in university courses as well as anyone who wants to participate in open-learning activities. CBMT is a framework that provides guidelines for how educational resources should be structured. CBMT stipulates that information should be presented in short sequences and should be relevant to the learner’s current situation. In this paper, CBMT is implemented in a practical ICT course using video lectures that are delivered as open educational resources using YouTube. The experiences of enrolled students as well as YouTube users are evaluated as well as the actual results of the enrolled students. The results of the study suggest that users of the video lectures appreciate the learning approach. The actual results, i.e. learning outcomes, of the enrolled students are maintained. The study also demonstrates how using CBMT as open educational resources can free up time for teachers and increase the quality of teaching by benefitting from community feedback.

  • 20.
    Kävrestad, Joakim
    et al.
    University of Skövde, Skövde, Sweden.
    Nohlberg, Marcus
    University of Skövde, Skövde, Sweden.
    Furnell, Steven
    University of Nottingham, Nottingham, United Kingdom.
    A taxonomy of SETA methods and linkage to delivery preferences. 2023. In: Data Base for Advances in Information Systems, ISSN 0095-0033, Vol. 54, no 4, p. 107-133. Article in journal (Refereed)
    Abstract [en]

    Cybersecurity threats targeting users are common in today’s information systems. Threat actors exploit human behavior to gain unauthorized access to systems and data. The common suggestion for addressing this problem is to train users to behave better using SETA programs. The notion of training users is old, and several SETA methods are described in scientific literature. Yet, incidents stemming from insecure user behavior continue to happen and are reported as one of the most common types of incidents. Researchers argue that empirically proven SETA programs are needed and point out focus on knowledge rather than behavior, and poor user adoption, as problems with existing programs. The present study aims to research user preferences regarding SETA methods, with the motivation that a user is more likely to adopt a program perceived positively. A qualitative approach is used to identify existing SETA methods, and a quantitative approach is used to measure user preferences regarding SETA delivery. We show that users prefer SETA methods to be effortless and flexible and outline how existing methods meet that preference. The results outline how SETA methods respond to user preferences and how different SETA methods can be implemented to maximize user perception, thereby supporting user adoption.

  • 21.
    Kävrestad, Joakim
    et al.
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Pettersson, Rickard
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Nohlberg, Marcus
    Högskolan i Skövde, Institutionen för informationsteknologi.
    The language effect in phishing susceptibility. 2020. In: Proceedings of the 6th International Workshop on Socio-Technical Perspective in IS Development (STPIS 2020): Virtual conference in Grenoble, France, June 8-9, 2020 / [ed] Peter Bednar, Alexander Nolte, Mikko Rajanen, Helena Vallo Hult, Anna Sigridur Islind, Federico Pigni, CEUR-WS, 2020, p. 162-167. Conference paper (Refereed)
    Abstract [en]

    Phishing has been, and remains, one of the most common types of social engineering. It is the act of using e-mail to trick users into performing actions they normally wouldn’t. Since phishing involves using technical measures to trick users, it is a social technical phenomenon that must be understood from the technical as well as the social side. While phishing and phishing susceptibility have been researched for decades, the effect of language ability on phishing susceptibility is underresearched. In this paper, we conducted a survey where we had Swedes rate their English ability before classifying e-mails in Swedish and English as fraudulent or legitimate. The results show that the respondents’ English ability does affect the ability to correctly identify legitimate emails and brings another piece to the puzzle of phishing susceptibility.

  • 22.
    Kävrestad, Joakim
    et al.
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Skärgård, Marie
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Nohlberg, Marcus
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Users perception of using CBMT for information security training. 2019. In: Proceedings of the Thirteenth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2019) / [ed] Steven M. Furnell; Nathan L. Clarke, University of Plymouth Press, 2019, p. 122-131. Conference paper (Refereed)
    Abstract [en]

    It is well established that user behavior is a crucial aspect of information security, and achieving secure behavior through awareness and security training is the go-to solution proposed by practitioners as well as the research community. Thus, there is a dire need for efficient training methods for use in the security domain. This paper introduces Context Based MicroTraining (CBMT), a framework for information security training that dictates that information security training should be delivered to end users in short sequences when the users are in a situation where the training is needed. Further, the users' perception of CBMT is evaluated in an online survey where about 200 respondents are subjected to training material and asked about how they perceived them. The results show that users like the training material designed according to the CBMT framework and would prefer to use CBMT over other traditional methods of information security training.

  • 23.
    Kävrestad, Joakim
    et al.
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Zaxmy, Johan
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Nohlberg, Marcus
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Analysing the Usage of Character Groups and Keyboard Patterns in Password Usage. 2019. In: Proceedings of the Thirteenth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2019) / [ed] Steven M. Furnell, Nathan L. Clarke, University of Plymouth Press, 2019, p. 155-165. Conference paper (Refereed)
    Abstract [en]

    Even with the advances in different methods for authentication, passwords remain the most common approach for authentication as well as for encryption of user data. Password guessing attacks have grown to be a vital part of computer forensics as well as penetration testing. In this paper, we seek to provide a statistical analysis of password composition by analyzing what character sets are most commonly used in over 1 billion leaked passwords in over 20 different databases. Further, we use a survey to analyze if users that actively encrypt data differ from the norm. The results of this study suggest that American lowercase letters and numbers are, by far, the most commonly used character sets and that users who actively encrypt data use keyboard patterns and special characters more frequently than the average user.

  • 24.
    Kävrestad, Joakim
    et al.
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Zaxmy, Johan
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Nohlberg, Marcus
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Analyzing the usage of character groups and keyboard patterns in password creation. 2020. In: Information and Computer Security, E-ISSN 2056-4961, Vol. 28, no 3, p. 347-358. Article in journal (Refereed)
    Abstract [en]

    Purpose

    Using passwords to keep accounts and data safe is very common in modern computing. The purpose of this paper is to look into methods for cracking passwords as a means of increasing security, a practice commonly used in penetration testing. Further, in the discipline of digital forensics, password cracking is often an essential part of a computer examination as data has to be decrypted to be analyzed. This paper seeks to look into how users that actively encrypt data construct their passwords to benefit the forensics community.

    Design/methodology/approach

    The study began with an automated analysis of over one billion passwords in 22 different password databases that leaked to the internet. The study validated the result with an experiment where passwords created on a local website were analyzed during account creation. Further, a survey was used to gather data that was used to identify differences in password behavior between users that actively encrypt their data and other users.

    Findings

    The result of this study suggests that American lowercase letters and numbers are present in almost every password and that users seem to avoid using special characters if they can. Further, the study suggests that users that actively encrypt their data are more prone to use keyboard patterns as passwords than other users.

    Originality/value

    This paper contributes to the existing body of knowledge around password behavior and suggests that password-guessing attacks should focus on American letters and numbers. Further, the paper suggests that forensics experts should consider testing patterns-based passwords when performing password-guessing attacks against encrypted data.

  • 25.
    Kävrestad, Joakim
    et al.
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Åhlfeldt, Rose-Mharie
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Nohlberg, Marcus
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Karonen, Johani
    Högskolan i Skövde.
    Kowalski, Stewart
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Spiraling out in control: A Video Cartesian Dialectic on a Socio-technical Approach to Teaching Privacy, Information- and Cyber Security (PICS). 2019. In: Socio-Technical Perspective in IS Development 2019: Proceedings of the 5th International Workshop on Socio-Technical Perspective in IS Development (STPIS 2019) co-located with 27th European Conference on Information Systems (ECIS 2019) / [ed] Stewart Kowalski; Peter Bednar; Alexander Nolte; Ilia Bider, CEUR-WS, 2019, p. 153-155. Conference paper (Refereed)
  • 26.
    Lennartsson, Markus
    et al.
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Kävrestad, Joakim
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Nohlberg, Marcus
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Exploring the Meaning of "Usable Security". 2020. In: Human Aspects of Information Security and Assurance: 14th IFIP WG 11.12 International Symposium, HAISA 2020, Mytilene, Lesbos, Greece, July 8–10, 2020, Proceedings / [ed] Clarke, Nathan, Furnell, Steven, Cham: Springer, 2020, p. 247-258. Conference paper (Refereed)
    Abstract [en]

    While there are many examples of incidents that make the need for more work around the human aspects of security apparent, the literature makes it obvious that usable security can mean many different things and usable security is a complex matter. This paper reports on a structured literature review that analyzed what the research community considers to be included in the term "usable security". Publications from the past five years were analyzed and different perceptions of usable security were gathered. The result is a listing of the different aspects that are discussed under the term "usable security" and can be used as a reference for future research of practitioners who are developing security functions with usability in mind.

  • 27.
    Lennartsson, Markus
    et al.
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Kävrestad, Joakim
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Nohlberg, Marcus
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Exploring the meaning of usable security – a literature review. 2021. In: Information and Computer Security, E-ISSN 2056-4961, Vol. 29, no 4, p. 647-663. Article, review/survey (Refereed)
    Abstract [en]

    Purpose

    For decades, literature has reported on the perceived conflict between usability and security. This mutual trade-off needs to be considered and addressed whenever security products are developed. Achieving well-balanced levels of both is a precondition for sufficient security as users tend to reject unusable solutions. To assess it correctly, usability should be evaluated in the context of security. This paper aims to identify and describe universally applicable and solution-independent factors that affect the perceived usability of security mechanisms.

    Design/methodology/approach

    The selected methodology was a systematic literature review during which multiple database resources were queried. Application of predefined selection criteria led to the creation of a bibliography before backward snowballing was applied to minimize the risk of missing material of importance. All 70 included publications were then analyzed through thematic analysis.

    Findings

    The study resulted in the identification of 14 themes and 30 associated subthemes representing aspects with reported influence on perceived usability in the context of security. While some of them were only mentioned sparsely, the most prominent and thus presumably most significant ones were: simplicity, information and support, task completion time, error rates and error management.

    Originality/value

    The identified novel themes can increase knowledge about factors that influence usability. This can be useful for different groups: end users may be empowered to choose appropriate solutions more consciously, developers may be able to avoid common usability pitfalls when designing new products and system administrators may benefit from a better understanding of how to configure solutions and how to educate users efficiently.

  • 28.
    Nohlberg, Marcus
    et al.
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Kävrestad, Joakim
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Exploring Information Security and Domestic Equality. 2020. In: Human Aspects of Information Security and Assurance: 14th IFIP WG 11.12 International Symposium, HAISA 2020, Mytilene, Lesbos, Greece, July 8–10, 2020, Proceedings / [ed] Nathan Clarke, Steven Furnell, Cham: Springer, 2020, p. 224-232. Conference paper (Refereed)
    Abstract [en]

    It is well known that men and women differ in terms of security behavior. For instance, studies report that gender plays a role in security non-compliance intentions, malware susceptibility, and security self-efficacy. While one reason for gender-based differences can be that women are vastly underrepresented in the community of security professionals, the impact that gender differences in security behavior have on equality is an underresearched area. This paper argues that cyberinequality can impact domestic inequality and even be an enabler for domestic abuse. This paper intends to shed light on how digitalization works in households in order to problematize around equality in the digital era. It reports on a survey that measures different factors of personal information security and shows that men and women do indeed differ in personal information security behavior on a number of points such as men being more influential when it comes to ICT decisions in the household.

  • 29.
    Nordberg, Pontus
    et al.
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Kävrestad, Joakim
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Nohlberg, Marcus
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Automatic Detection of Fake News. 2020. In: Proceedings of the 6th International Workshop on Socio-Technical Perspective in IS Development (STPIS 2020): Virtual conference in Grenoble, France, June 8-9, 2020, CEUR-WS, 2020, p. 168-179. Conference paper (Refereed)
    Abstract [en]

    Following the American presidential election in 2016, the term ”fake news” was popularized and has since been a common term in the public vocabulary. While quite recently popularized, fake news is a phenomenon that is as old as news itself and is most commonly defined as purposeful disinformation used to untrue information or skewed reporting intended to push a certain narrative. In recent years, fake news has been seen frequently in attempts to influence elections or by organized crime organizations in various efforts to make money, not least drawing from the ongoing CoVid-19 pandemic. We argue that the phenomenon must be researched from technical as well as from social aspects, since it involves using technical tools to spread information targeted at humans. In this paper, we identify key methods for automatic fake news detection in order to lay the foundation for an end-user support system designed to help users identify and avoid fake news.

  • 30.
    Salek, Aous Al
    et al.
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Kävrestad, Joakim
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Nohlberg, Marcus
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Exploring Experiences of Using SETA in Nordic Municipalities. 2021. In: Human Aspects of Information Security and Assurance: 15th IFIP WG 11.12 International Symposium, HAISA 2021, Virtual Event, July 7–9, 2021, Proceedings / [ed] Steven Furnell; Nathan Clarke, Cham: Springer, 2021, p. 22-31. Conference paper (Refereed)
    Abstract [en]

    User behavior is a key aspect of cybersecurity and it is well documented that insecure user behavior is the root cause of the majority of all cybersecurity incidents. Security Education, Training, and Awareness (SETA) is described by practitioners and researchers as the most important tool for improving cybersecurity behavior and has been for several decades. Further, there are several ways to work with SETA found in academic literature and a lot of research into various aspects of SETA effectiveness. However, the problem of insecure user behavior remains, revealing a need for further research in the domain. While previous research has looked at the users’ experience of SETA, this study looks at SETA adoption from the perspective of the adopting organization. For this purpose, a survey was sent out to all Nordic municipalities with the intent of measuring if and how SETA is conducted, and how the respondents would ideally like to conduct SETA. The results show that a majority of the participating organizations use SETA and that e-learning is the most common delivery method. However, the results also show that gamification and embedded training are seldom used in practice, nor are they a part of the participants’ picture of ideal SETA.

  • 31.
    Åhlfeldt, Rose-Mharie
    et al.
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Andersén, Annelie
    Högskolan i Skövde, Institutionen för hälsa och lärande.
    Eriksson, Nomie
    Högskolan i Skövde, Institutionen för handel och företagande.
    Nohlberg, Marcus
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Bergström, Erik
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Fischer Hübner, Simone
    Karlstads universitet.
    Kompetensbehov och kompetensförsörjning inom informationssäkerhet från ett samhällsperspektiv [Competence needs and competence supply in information security from a societal perspective]. 2015. Report (Other academic)
    Abstract [sv]

    On behalf of the Swedish Civil Contingencies Agency (Myndigheten för samhällsskydd och beredskap, MSB), a study was carried out with the aim of complementing the results of an earlier pre-study (Åhlfeldt et al., 2014) with an analysis of competence supply and competence needs in the information security area from a societal perspective. The work was carried out by researchers from two higher education institutions, Högskolan i Skövde and Karlstad Universitet, and within three research disciplines: education, information security and business administration.

    The assignment was to answer the following questions:

    • What are the competence needs for achieving good and balanced information security that contributes to society's information security?
      • Contemporary competence needs (current situation)
      • Future competence needs
      • How should the necessary competence be obtained, and who bears the responsibility?
      • Based on the questions above, what are the most important success factors?

    The work was carried out in the form of focus groups with representatives from government agencies and companies that have close operational ties to society's information security and that are important for society's information security to function.

    The results show that there are major shortcomings in information security competence at all levels of society. Three clear areas are pointed out: 1) national: an increased need for stronger governance and management as well as requirement setting; 2) organization: an increased need for competence from management to employees, but with a strong focus on competence-raising measures at management level and in procurement; and 3) the citizen perspective, where above all the school sector is highlighted as an important area for competence-raising measures.

    Achieving the necessary competence requires educational efforts in all of the areas stated above. This includes education at the academic level for information security experts, but also other programmes in, for example, law and economics. Professionals at the organizational level also need targeted competence-raising measures that put information security in focus based on the organization's operational needs, all the way from management level to employee level.

    The results also show that responsibility for society's supply of information security competence likewise lies in all three of the areas mentioned above, but with a clear emphasis on the national level. Here the need for national requirements is emphasized, in order to raise awareness of and elevate information security in operations critical to society, so as to reach as many citizens as possible.

    Proposals for future work regarding the development of methods for future studies of competence supply point primarily to methods for tackling the lack of a holistic view, and to competence supply for management and citizens.
