Change search
Refine search result
12 1 - 50 of 51
CiteExportLink to result list
Permanent link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Rows per page
  • 5
  • 10
  • 20
  • 50
  • 100
  • 250
Sort
  • Standard (Relevance)
  • Author A-Ö
  • Author Ö-A
  • Title A-Ö
  • Title Ö-A
  • Publication type A-Ö
  • Publication type Ö-A
  • Issued (Oldest first)
  • Issued (Newest first)
  • Created (Oldest first)
  • Created (Newest first)
  • Last updated (Oldest first)
  • Last updated (Newest first)
  • Disputation date (earliest first)
  • Disputation date (latest first)
  • Standard (Relevance)
  • Author A-Ö
  • Author Ö-A
  • Title A-Ö
  • Title Ö-A
  • Publication type A-Ö
  • Publication type Ö-A
  • Issued (Oldest first)
  • Issued (Newest first)
  • Created (Oldest first)
  • Created (Newest first)
  • Last updated (Oldest first)
  • Last updated (Newest first)
  • Disputation date (earliest first)
  • Disputation date (latest first)
Select
The maximal number of hits you can export is 250. When you want to export more records please use the Create feeds function.
  • 1.
    Ameel, Hans
    et al.
    Howest University of Applied Sciences, Kortrijk, Belgium.
    Decavele, Tom
    Howest University of Applied Sciences, Kortrijk, Belgium.
    Eeckhout, Claudia
    Howest University of Applied Sciences, Kortrijk, Belgium.
    van der Heide, Josha
    Windesheim University of Applied Sciences, Zwolle, The Netherlands.
    Lohner, Daniela
    St. Pölten University of Applied Sciences, St. Pölten, Austria.
    van der Ploeg, Bram
    Windesheim University of Applied Sciences, Zwolle, The Netherlands.
    Rietberg, Wim
    Windesheim University of Applied Sciences, Zwolle, The Netherlands.
    Steiner-Cardell, Andrea
    St. Pölten University of Applied Sciences, St. Pölten, Austria.
    Tjoa, Simon
    St. Pölten University of Applied Sciences, St. Pölten, Austria.
    Kochberger, Patrick
    St. Pölten University of Applied Sciences, St. Pölten, Austria.
    Kävrestad, Joakim
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Luh, Robert
    St. Pölten University of Applied Sciences, St. Pölten, Austria.
    Experiences From a Multi-National Course in Cybersecurity Awareness Raising2023In: International Journal of Information Security and Cybercrime (IJISC), ISSN 2285-9225, Vol. 12, no 1, p. 18-22, article id 2Article in journal (Refereed)
    Abstract [en]

    The European Union (EU), as well as the entire world, is facing emerging challenges in the cybersecurity domain. Two of the most prominent challenges are citizens’ cybersecurity awareness which is the first line of defense against cybersecurity incidents, and the cybersecurity skill gap expected to lead to a future shortage of cybersecurity professionals. This paper presents an effort to combat those issues through the implementation of an intra-European course on cybersecurity awareness. The course engages university students from four EU member states who learn about increasing cybersecurity awareness while practically developing cybersecurity awareness activities for preadolescents. The paper provides an overview of the course and lessons learned from implementing it in international cooperation. The intention is to provide a guide for the development of such courses and outline success factors others can adopt and pitfalls that should be avoided.

  • 2.
    Bergström, Erik
    et al.
    Högskolan i Skövde, Forskningscentrum för Informationsteknologi.
    Holgersson, Jesper
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Kävrestad, Joakim
    Jönköping University, School of Engineering, JTH, Department of Computer Science and Informatics. Högskolan i Skövde, Institutionen för informationsteknologi.
    Larsson, Sanna
    Högskolan i Skövde.
    Lindgren, Frida
    Högskolan i Skövde.
    Mandl, Paul
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Persson, Louise
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Svensson, Henrik
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Erfarenheter, lärdomar och effekter med gränsöverskridande arbete för utbytesstudier2018In: NU2018 - Det akademiska lärarskapet, 2018, article id 685Conference paper (Refereed)
    Abstract [sv]

    I Högskolan i Skövdes (HS) nuvarande utvecklingsplan beskrivs att samtliga utbildningsprogram som ges vid lärosätet skall erbjuda möjligheter till studier utomlands. Som en konsekvens har en strategisk satsning för att stimulera en ökad mobilitet vid HS initierats genom att Institutionen för informationsteknologi (IIT) tillsammans med verksamhetsstödet har deltagit i ett UHR-projekt med fokus på vägledningsprocessen i samband med mobilitet.

    Projektet har pågått under 18 månader och ett 10-tal deltagare som representerar de flesta roller som är involverade i internationaliseringsarbetet på IIT och verksamhetsstödet har ingått. Projektet har bedrivits främst som en serie av workshoppar där parallell datainsamling har skett med hjälp av intervjuer och enkätstudier.

    I detta bidrag vill vi visa några av de mål som projektet fokuserat på samt syftet med dessa. Projektet har haft följande mål:

    Identifiera minst tre partnerlärosäten som passar varje utbildningsprogram - Målet syftar till att kartlägga både existerande och nya partnerlärosäte för att på så sätt sänka tröskeln för studenter som är intresserade av utbyte, men som har svårt att hitta lämpliga alternativ.

    Tydliggöra roll- och ansvarsfördelning i mobilitetsprocessen - Detta mål syftar till att utforma processbeskrivningar för att tydliggöra roll- och ansvarsfördelning kring utresandeprocessen för programansvarig, ämnesföreträdare, internationell koordinator, studie- och karriärvägledaren, studenten och partnerlärosätet. Även kommunikationsaspekter och studentperspektiv beaktas i detta mål.

    Skapa adekvat vägledning och informationsinsatser gentemot studenterna - Syftet med målet är att utveckla, strukturera och systematisera informationsvägar och kommunikation mellan vägledning, programansvarig, partnerlärosäte och studenter.

    Identifiera och utvärdera nyckelfaktorerna för att förbättra stödet till studenterna, undanröja hinder i mobilitetsprocessen samt underlätta programansvarigas och studie- och karriärvägledarnas arbete med utresande studenter - Målet är att identifiera och utvärdera nyckelfaktorer som hindrar mobilitet som kan spridas internt på HS samt externt för att i förlängningen öka mobiliteten bland Sveriges studenter.

    Se till att samtliga kandidatprogram på IIT har en termin avsatt för utlandsstudier och undanröja de hinder som finns i befintliga programstrukturer - Syftet är att göra det enklare för studenter att under sin ordinarie studietid genomföra utbytesstudier utan att deras studier vid HS blir drabbade av förkunskapsstrukturer som hindrar fortsatta studier vid hemkomst.

    I studien inkludera de studenter som har varit intresserade eller sökt utbytesstudier men som inte kommit iväg på utbyte - Syftet är att skapa en god översikt över vilka skäl denna studentkategori har haft för att avstå utbytesstudier för att på så vis kunna förbättra existerande processer för utbytesstudier och därmed minimera risken att intresserade studenter väljer att avstå från utbytesstudier.

    Vid projektets avslut analyserades projektets direkta och indirekta interorganisatoriska effekter tillsammans med aktuell statistik för de studenter som under 2017 nominerats för utbytesstudier. En uppenbar effekt av projektets arbete är att antalet studenter som 2017 vid IIT nominerats för utbytesstudier ökat kraftigt. Likaså observeras ökade kunskaper om processen kring utbytesstudier och ett förbättrat studentperspektiv och bättre kunskaper om studenternas upplevelse av nomineringsprocessen.

    Under presentation vill vi visa upp fler detaljer från vår analys samt hur vi planerar att arbeta vidare med de resultat vi fått fram i projektet.

  • 3.
    Birath, Marcus
    et al.
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Ginman, Johan
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Kävrestad, Joakim
    Högskolan i Skövde, Institutionen för informationsteknologi.
    A Model for the Creation of Biographical Dictionaries2022In: Proceedings of the 8th International Workshop on Socio-Technical Perspective in Information Systems Development (STPIS 2022): Hybrid conference in Reykjavik, Iceland, August 19-20, 2022 / [ed] Peter Bednar; Anna Sigridur Islind; Helena Vallo Hult; Alexander Nolte; Mikko Rajanen; Fatema Zaghloul; Aurelio Ravarini; Alessio Maria Braccini, CEUR-WS , 2022, p. 165-172Conference paper (Refereed)
    Abstract [en]

    The use of encryption is increasing, and while that is good for cybersecurity it is a core challenge for digital forensics. Encrypted information cannot be analyzed unless it is first decrypted, which is a complex and time-consuming process. Using a brute force attack to guess the password used for encryption is deemed impractical as even a simple password, being long enough, could take weeks, months, or even years to find. A more feasible approach is to use a dictionary attack where each word in a list is tested. However, a dictionary attack is only successful if the password is in the list, making the process of creating that list a crucial part of decrypting passwords. This research builds on existing literature showing that users commonly use strategies to create passwords, and the aim is to propose a method for creating dictionaries that are grounded in theories of password construction. An initial model was developed using a selective literature review with the purpose of identifying common elements included in biographical passwords, and in what order the elements are used. To improve the model, the study utilized semi-structured interviews with forensic experts from the Swedish police and the Swedish National Forensic Center (NFC). The main contribution of this research is a readily available model for creating dictionaries that can be used by practitioners. The model can also serve as a theoretical contribution that describes how users commonly construct biographical passwords.

    Download full text (pdf)
    FULLTEXT01
  • 4.
    Cervantes Mori, Milagros D.
    et al.
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Kävrestad, Joakim
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Nohlberg, Marcus
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Success factors and challenges in digital forensics for law enforcement in Sweden2021In: Proceedings of the 7th International Workshop on Socio-Technical Perspective in IS Development (STPIS 2021): Virtual conference in Trento, Italy, October 11-12, 2021 / [ed] Peter Bednar; Alexander Nolte; Mikko Rajanen; Anna Sigridur Islind; Helena Vallo Hult; Fatema Zaghloul; Aurelio Ravarini; Alessio Maria Braccini, CEUR-WS , 2021, p. 100-116Conference paper (Refereed)
    Abstract [en]

    The widespread use of communication and digital technology has affected the number of devices requiring analysis in criminal investigations. Additionally, the increase in storage volume, the diversity of digital devices, and the use of cloud environments introduce more complexities to the digital forensic domain. This work aims to supply a taxonomy of the main challenges and success factors faced in the digital forensic domain in law enforcement. The chosen method for this research is a systematic literature review of studies with topics related to success factors and challenges in digital forensics for law enforcement. The candidate studies were 1,428 peer-reviewed scientific articles published between 2015 and 2021. A total of twenty-eight primary studies were analyzed by applying thematic coding. Furthermore, a survey of digital forensic practitioners from the Swedish Police was held to triangulate the results achieved with the systematic literature review. 

    Download full text (pdf)
    FULLTEXT01
  • 5.
    Holgersson, Jesper
    et al.
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Bergström, Erik
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Kävrestad, Joakim
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Svensson, Henrik
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Analys av studenters upplevelse av hindrande faktorer för utbytesstudier2018In: NU2018 - Det akademiska lärarskapet, 2018, article id 684Conference paper (Refereed)
    Abstract [sv]

    I Högskolan i Skövdes (HS) utvecklingsplan (Högskolan i Skövde, 2017) framhålls vikten av att samtliga utbildningsprogram skall erbjuda möjligheter till utbytesstudier. Historiskt sett har antalet utresande vid HS varit lågt samtidigt som fakta som belyser varför så är fallet främst har baserats på enskilda studenters upplevelser av nominerings- och antagningsprocesser. Dock saknas en mer enhetlig och generaliserbar vy av hur olika funktioner på HS rörande utbytesstudier upplevs, både av studenter som genomfört utbytesstudier samt av studenter som varit nominerade men valt att inte genomföra utbytesstudier.

    Den frågeställning som adresserats är: vilka hinder finns för studenter som vill genomföra utbytesstudier? Den metod som tillämpats är en enkät som skickats ut till samtliga studenter som varit nominerade för utbytesstudier under 2017. Enkäten har baserats på en Likert-skala (Bryman och Nilsson) som kombinerats med fritextsvar.

    Totalt har 20 studenter från olika utbildningsprogram besvarat enkäten. Studien visar att studenterna rent generellt är nöjda med HS administrativa funktioner vilket också är den kanal som oftast utnyttjas. Andra administrativa funktioner såsom programansvariga och ämnesföreträdare upplevs olika av studenterna beroende på vilket ämnesområde som berörs.

    Studenterna redovisar ett antal huvudsakliga skäl som hindrar eller försvårar utbytesstudier. 1) Det läggs ett alltför stort ansvar på studenten i att identifiera kurser som denne är behörig till och som inte överlappar med kurser som läses vid det egna lärosätet. Detta innefattar även val av kurser som skall motsvara obligatoriska kurser på hemmaplan som i sin tur ligger som förkunskapskrav för framtida kurser inom utbildning, såsom examensarbeten. 2) Avsaknad av utbytesavtal med specifika länder samt svårighet att identifiera avtal med lärosäten som matchar studentens utbildningsprofil vid det egna lärosätet upplevs likaså som ett hinder för flertalet studenter. 3) Vidare uppger studenterna att det i många fall är svårt att ta till sig information på olika lärosätens hemsidor för att identifiera passande kurser eftersom den information som finns att tillgå upplevs som mycket heterogen och därmed både svårtolkad och svårnavigerad. Detta kan jämföras mot hur svenska lärosäten publicerar information om kurser vilket av studenterna upplevs som mer enhetligt och standardiserat vilket i sin tur gör olika kurser enklare att jämföra.

    Något som efterfrågas av många studenter som varit nominerade för utbytesstudier men som i slutändan valt att inte resa är ”utbytesstudie-charter” där det finns färdiga kurspaket som är granskade och validerade av HS. Även önskemål om mer standardiserade paket för boende och andra praktiska frågor efterfrågas av studenterna.

    Den information som enkätstudien har lyft fram har i första hand visat på att HS administrativa funktioner för utbytesstudier fungerar tillfredställande. Likaså verifierar enkätstudien de hypoteser som funnits rörande hindrande faktorer för utbytesstudier i de flesta fall stämmer: osäkerhet kring val av kurser och en oro för hur utbytesstudier kommer att påverka framtida studier på hemmaplan är stora orosmoment som kan få studenter av avstå från utbytesstudier trots ett initialt intresse för sådana.

    Referenser

    Bryman, A., & Nilsson, B. (2011). Samhällsvetenskapliga metoder. Malmö: Liber.

    Högskolan i Skövde. (2017). Utvecklingsplan. Skövde.

  • 6.
    Holgersson, Jesper
    et al.
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Kävrestad, Joakim
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Nohlberg, Marcus
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Cybersecurity and Digital Exclusion of Seniors: What Do They Fear?2021In: Human Aspects of Information Security and Assurance: 15th IFIP WG 11.12 International Symposium, HAISA 2021, Virtual Event, July 7–9, 2021, Proceedings / [ed] Steven Furnell; Nathan Clarke, Cham: Springer , 2021, p. 12-21Conference paper (Refereed)
    Abstract [en]

    The rapid development of digitalization has led to a more or less endless variety of ways for individuals to communicate and interact with the outside world. However, in order to take advantage of all the benefits of digitalization, individuals need to have the necessary skills. Seniors represent a group that, compared to other groups, lives in a digital exclusion to an excessive extent, mainly due to the fact that they lack the necessary knowledge to use digital technology and digital services. Based on empirical data collected from seniors partaking in digital training, we have analyzed their perceptions of why they and other seniors are digitally excluded. Our findings point out that a major barrier for seniors to be more digitally included is different variants of fear of using digital technology and digital services. The common denominator can be traced down the possibilities to be exposed to frauds, scams, viruses, and faulty handling, which in turn cause undesired consequences. Consequently, we propose a research agenda where digital training and digital inclusion measurements should be studied side by side with cybersecurity behavior. Thus, making cybersecurity a fundamental part of digital inclusion has the potential to minimize the fears identified in this research as inhibitors to technology adoption.

  • 7.
    Kävrestad, Joakim
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Context-Based Micro-Training: Enhancing cybersecurity training for end-users2022Doctoral thesis, comprehensive summary (Other academic)
    Abstract [en]

    This research addresses the human aspect of cybersecurity by developing a method for cybersecurity training of end-users. The reason for addressing that area is that human behaviour is widely regarded as one of the most used attack vectors. Exploiting human behaviour through various social engineering techniques, password guessing, and more is a common practice for attackers. Reports even suggest that human behaviour is exploited in 95% of all cybersecurity attacks. 

    Human behaviour with regard to cybersecurity has been long discussed in the research. It is commonly suggested that users need support to behave securely. Training is often suggested as the way to improve user behaviour, and there are several different training methods available. The available training methods include instructor-led training, game-based training, eLearning, etc. However, even with the diversity of existing training methods, the effectiveness of such training has been questioned by recent research. Research suggests that existing training does not facilitate knowledge retention and user participation to a high enough degree.    

    This research aims to address the problems with current training practices by developing a new method for cybersecurity training of end-users. The research used a design science (DS) approach to develop the new method in three increasingly complex design cycles. Principles for cybersecurity training were developed based on previous research and the Technology Acceptance Model and made the theoretical foundation of the reserach. The result is a theoretically grounded method for cybersecurity training that outlines goals and guidelines for how such training should be implemented. It has been evaluated in several steps with more than 1800 survey participants and 300 participants in various experiments. The evaluations have shown that it can both support users towards secure behaviour and be appreciated by its users.  

    The main contribution of this research is the method for cybersecurity training, Context-Based Micro-Training (CBMT). CBMT is a theoretical contribution that describes good practices for cybersecurity training for end-users. Practitioners can adopt it as a guide on how to implement such training or to support procurement decisions. The research also shows the importance of integrating usability into the development of security practices. Users must positively receive both training and the guidelines imposed by training since positive user perception increases user adoption. Finally, the research shows that following security guidelines is difficult. While training is essential, this research suggests that training alone is not enough, and future research should consider the interplay between training and other support mechanisms.

    Download full text (pdf)
    FULLTEXT01
  • 8.
    Kävrestad, Joakim
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Fundamentals of Digital Forensics: Theory, Methods, and Real-Life Applications2018Book (Other academic)
  • 9.
    Kävrestad, Joakim
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Fundamentals of Digital Forensics: Theory, Methods, and Real-Life Applications2020 (ed. 2)Book (Other academic)
    Abstract [en]

    This practical and accessible textbook/reference describes the theory and methodology of digital forensic examinations, presenting examples developed in collaboration with police authorities to ensure relevance to real-world practice. The coverage includes discussions on forensic artifacts and constraints, as well as forensic tools used for law enforcement and in the corporate sector. Emphasis is placed on reinforcing sound forensic thinking, and gaining experience in common tasks through hands-on exercises.

    This enhanced second edition has been expanded with new material on incident response tasks and computer memory analysis.

  • 10.
    Kävrestad, Joakim
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Guide to Digital Forensics: A Concise and Practical Introduction2017 (ed. 1)Book (Other academic)
  • 11.
    Kävrestad, Joakim
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Using ContextBased MicroTraining to enforce secure behavior among computer users2019Conference paper (Other academic)
    Abstract [en]

    While there are many technical security controls available, the research- as well as the practitioner-community agrees that a key aspect of information security is user behavior (Bulgurcu, Cavusoglu, & Benbasat, 2010; Safa & Von Solms, 2016). It is also well established that users are usually a target somewhere in the attack chain in any intrusion attempt at a computer system or network. Thus, measures has to be taken to enforce secure user behavior. While technical controls are an important part of security, making users understand the consequences of insecure behavior and behave in a secure way is another key to good security. A common suggestion, in this regard, is training (Puhakainen & Siponen, 2010). On the topic of training, Parsons (2018) suggests that training should not only be about learning security, but also make users stop and think before they act.

    In this presentation, ContextBased MicroTraining (CBMT), a framework for training users to behave securely and has been developed during several years is presented (Kävrestad & Nohlberg, 2015; Skärgård, 2017; Werme, 2014). CBMT aims to deliver information security training in short sequences and is in that regard similar to, for instance, nano learning. However, CBMT also stipulates that training should be delivered to users in a situation where it is of direct relevance. Thus, the training should be perceived as more relevant and bring a reminding effect. Following the presentation of CBMT, the poster will describe how CBMT has been evaluated so far and with what results. The poster will end with a discussion on future research directions and suggestions for practical implementations of CBMT.

    References

    Bulgurcu, B., Cavusoglu, H., & Benbasat, I. (2010). Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness. MIS quarterly, 34(3), 523- 548. Kävrestad, J., & Nohlberg, M. (2015). Online Fraud Defence by Context Based Micro Training. Paper presented at the HAISA. Parsons, K., Butavicius, M., Lillie, M., Calic, D., McCormac, A., & Pattinson, M. (2018). Which individual, cultural, organisational and inerventional factors explain phishing resilience?. . Paper presented at the Twelfth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2018) Dundee, Scotland, UK: University of Plymouth. Puhakainen, P., & Siponen, M. (2010). Improving employees' compliance through information systems security training: an action research study. MIS quarterly, 757-778. Safa, N. S., & Von Solms, R. (2016). An information security knowledge sharing model in organizations. Computers in Human Behavior, 57, 442-451. Skärgård, M. (2017). Mikroträning som utbildningsmetod inom informationssäkerhet. In. Werme, J. (2014). Security awareness through micro-training: An initial evaluation of a context based micro-training framework. In.

  • 12.
    Kävrestad, Joakim
    et al.
    Jönköping University, School of Engineering, JTH, Department of Computer Science and Informatics. School of Informatics, University of Skövde, Sweden.
    Abbasi, Muhammad Abbas Khan
    School of Informatics, University of Skövde, Sweden.
    Tarczal, Márton
    School of Informatics, University of Skövde, Sweden.
    Nohlberg, Marcus
    School of Informatics, University of Skövde, Sweden.
    The impact of short-term memory on phishing detection ability and password behaviour2023In: CEUR Workshop Proceedings, CEUR , 2023, Vol. 3598, p. 160-173Conference paper (Refereed)
    Abstract [en]

    Cybersecurity is a socio-technical discipline which is dependent on the interplay between users and devices, and the organizations where this interplay takes place. Previous research has shown that the interplay between users and devices is highly affected by the cognitive abilities of users. This is prominent in cybersecurity, which requires users to make security-aware decisions when, for instance, reading emails and decide which emails are legitimate and which emails constitute phishing. Research further suggests that decision-making is dependent on memory ability, which is the focus of this research. In this study, we investigate the impact of short-term memory on phishing detection ability and password behaviour. A web survey was used to collect quantitative data from a large sample of respondents. The survey was distributed on social media platforms and 93 participants completed the survey. The results indicate a positive correlation between short-term memory scores and both password detection ability and password behavior

  • 13.
    Kävrestad, Joakim
    et al.
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Bergström, Erik
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Holgersson, Jesper
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Svensson, Henrik
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Formella processer för att underlätta studenters mobilitet2018In: NU2018 - Det akademiska lärarskapet, 2018, article id 704Conference paper (Refereed)
    Abstract [sv]

    Inom utbildningar som ger kandidatexamen inom teknik, naturvetenskap och data reser endast 3% av de examinerade studenterna på utbyte (Universitetskanslersämbetet, 2016), vilket är långt under EU:s mål på 20% (Universitets- och högskolerådet, 2018). På Högskolan i Skövde (HS) åkte dock bara 0,78% på utbyte under 2016. Som ett led i att öka studentmobiliteten har Institutionen för informationsteknologi (IIT) vid HS deltagit i UHR-projektet ”Det akademiska värdet av mobilitet” med fokus på studievägledning och IIT:s syfte har varit att identifiera hinder för utresande och förtydliga studentperspektivet i mobilitetsprocessen. Det är ett välkänt problem inom akademin att det finns ett gap mellan förvaltning och fakultet och att detta förhindrar mobilitet (Souto-Otero, Huisman, Beerkens, Wit, & Vujić, 2013). Ett av de stora hindren vid HS och som identifierades tidigt var att det från ett studentperspektiv var otydligt vem studenterna skulle vända sig till och hur studenternas process från mobilitetstanke till utresa gick till rent praktiskt. Ytterligare framkom att programansvarigs roll i mobilitetsprocessen var otydlig, samt att programansvariga hade bristande kunskap om interna kommunikationsvägar.

    För att bringa klarhet i detta tillsattes en grupp med representanter från programansvariga vid IIT, internationaliseringssamordnare, samt representanter från flera roller i HS förvaltning som är inblandade i mobilitetsprocessen. Projektgruppen fick som uppgift att etablera gemensamma processer för studentmobilitet från tre perspektiv: studentens, programansvarigas samt ett högskoleövergripande. Projektgruppen har även haft som målsättning att identifiera hinder i programstrukturer (exempelvis förkunskapshinder) samt identifiering av partnerlärosäten och hur kommunikationen med dessa partnerlärosäten skall ske i praktiken.

    Projektet har genomförts under totalt 18 månader, främst i form av workshoppar med fokus på modeller för att beskriva de processer som finns eller borde finnas i verksamheten. Totalt har 11 workshoppar genomförts och de framarbetade modellerna har även validerats av en utomstående modelleringsexpert. Under våren kommer även modellerna att presenteras för alla övriga institutioner vid HS i syfte att implementera arbetssättet högskoleövergripande. Ett direkt resultat av denna arbetsprocess är att olika nyckelaktörer upplever att ansvar och rollfördelning förtydligats vilket i sin tur medfört en upplevelse av betydligt kortare och mer effektiva kommunikationsvägar: alla vet vem som skall göra vad och när.

    Projektet har även resulterat i ett förbättrat studentperspektiv, vilket rent konkret innebär att studenter på ett betydligt mer lättillgängligt sätt kan få information om hur processen för utbytesstudier ser ut samt vart de kan vända sig med sina frågor. Samtidigt bidrar den interorganisatoriska samsynen över processen kring utbytesstudier till att risken för att studenter får felaktig information av berörda aktörer minimeras då rollfördelning och ansvarsområden förtydligats.

    Huruvida det går att fastställa ett orsakssamband till projektet är osäkert, men antalet studenter som nominerats för utbytesstudier har ökat kraftigt på IIT under 2017. Från projektstart är den totala ökningen 49% och innefattar flera utbildningsprogram som innan projektets genomförande haft inga eller få studenter som varit intresserade av utbytesstudier.

    På presentationen kommer vi att redovisa resultaten av projektet mer i detalj och även förevisa de tre generiska modellerna eftersom dessa kan användas av andra lärosäten som behöver klargöra roller, informationsflöden och processer kring mobilitet.

     

    Referenser

    Souto-Otero, M., Huisman, J., Beerkens, M., Wit, H. d., & Vujić, S. (2013). Barriers to International Student Mobility:Evidence From the Erasmus Program. Educational Researcher, 42(2), 70-77. doi:10.3102/0013189x12466696

    Universitets- och högskolerådet. (2018). Eurostudent VI - studentmobilitet. Retrieved from https://www.uhr.se/globalassets/_uhr.se/lika-mojligheter/eurostudent/eurostudent-vi-studentmobilitet-20180131.pdf

    Universitetskanslersämbetet. (2016). Internationell studentmobilitet i högskolan 2015/16. Retrieved from http://www.uka.se/om-oss/publikationer--beslut/statistiska-meddelanden/statistiska-meddelanden/2016-12-08-internationell-studentmobilitet-i-hogskolan-2015-16.html

  • 14.
    Kävrestad, Joakim
    et al.
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Eriksson, Fredrik
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Nohlberg, Marcus
    Högskolan i Skövde, Institutionen för informationsteknologi.
    The Development of a Password Classification Model2018In: Journal of Information System Security, ISSN 1551-0123, E-ISSN 1551-0808, Vol. 14, no 1, p. 31-46Article in journal (Refereed)
    Abstract [en]

    In order to ensure that we are the only ones that can access our data, we use authentication to secure our computers and different online accounts. Passwords remain the most common type of authentication, even if there are several different ways to authenticate, including biometrics and tokens. With this study we aim to reveal and collect the different strategies that users are using when designing their passwords. To achieve this, a model was developed using interactive interviews with computer forensic experts. The model was then applied on 5,000 passwords gathered from 50 different password databases that had leaked to the Internet. The result is a model that can be used to classify passwords based on the strategy used to create them. As such, the results of this study increase the understanding of passwords and they can be used as a tool in education and training, as well as in future research.

  • 15.
    Kävrestad, Joakim
    et al.
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Eriksson, Fredrik
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Nohlberg, Marcus
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Understanding passwords – a taxonomy of password creation strategies2019In: Information and Computer Security, E-ISSN 2056-4961, Vol. 27, no 3, p. 453-467Article in journal (Refereed)
    Abstract [en]

    Purpose Using authentication to secure data and accounts has grown to be a natural part of computing. Even if several authentication methods are in existence, using passwords remains the most common type of authentication. As long and complex passwords are encouraged by research studies and practitioners alike, computer users design passwords using strategies that enable them to remember their passwords. This paper aims to present a taxonomy of those password creation strategies in the form of a model describing various strategies used to create passwords. Design/methodology/approach The study was conducted in a three-step process beginning with a short survey among forensic experts within the Swedish police. The model was then developed by a series of iterative semi-structured interviews with forensic experts. In the third and final step, the model was validated on 5,000 passwords gathered from 50 different password databases that have leaked to the internet. Findings The result of this study is a taxonomy of password creation strategies presented as a model that describes the strategies as properties that a password can hold. Any given password can be classified as holding one or more of the properties outlined in the model. Originality/value On an abstract level, this study provides insight into password creation strategies. As such, the model can be used as a tool for research and education. It can also be used by practitioners in, for instance, penetration testing to map the most used password creation strategies in a domain or by forensic experts when designing dictionary attacks.

  • 16.
    Kävrestad, Joakim
    et al.
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Fallatah, Wesam
    University of Nottingham, UK.
    Furnell, Steven
    University of Nottingham, UK.
    Cybersecurity training acceptance: A literature review2023In: Human Aspects of Information Security and Assurance: 17th IFIP WG 11.12 International Symposium, HAISA 2023, Kent, UK, July 4–6, 2023, Proceedings / [ed] Steve Furnell; Nathan Clarke, Cham: Springer , 2023, p. 53-63Conference paper (Refereed)
    Abstract [en]

    User behavior is widely acknowledged as a crucial part of cybersecurity, and training is the most commonly suggested way of ensuring secure behavior. However, an open challenge is to get users to engage with such training to a high enough extent. Consequently, this paper provides research into user acceptance of cybersecurity training. User acceptance can be understood from a socio-technical perspective and depends on the training itself, the organization where it is deployed, and the user expected to engage with it. A structured literature review is conducted to review previous research on cybersecurity training acceptance using a social-technical approach. The paper contributes with an overview of how user acceptance has been researched in the three social-technical dimensions and with what results. The review shows that previous research mostly focused on how the training method itself affects user acceptance, while research focusing on organizational or user-related dimensions is more scarce. Consequently, the paper calls for further research on the organizational aspects of user acceptance of cybersecurity training and how user acceptance can differ between user groups.

  • 17.
    Kävrestad, Joakim
    et al.
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Friman, Evelina
    Högskolan i Skövde, Forskningsmiljön Informationsteknologi.
    Bohlander, Joacim
    Högskolan i Skövde, Forskningsmiljön Informationsteknologi.
    Nohlberg, Marcus
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Can Johnny actually like security training?2020In: Proceedings of the 6th International Workshop on Socio-Technical Perspective in IS Development (STPIS 2020): Virtual conference in Grenoble, France, June 8-9, 2020 / [ed] Peter Bednar, Alexander Nolte, Mikko Rajanen, Helena Vallo Hult, Anna Sigridur Islind, Federico Pigni, CEUR-WS , 2020, p. 76-83Conference paper (Refereed)
    Abstract [en]

    Information security is a socio-technical property where a lot of traditional efforts has been placed in the technical domain. Security has been seen as a technical challenge and the solutions has been technical. However, it is well known that human behavior plays a key role in information security and the user is often seen as the weakest link in the security chain. As such, information security is a socio-technical property where the social, or human side needs increased attention. Security training is commonly suggested as the way to improve user behavior but the effects of various training efforts is also under-researched. This paper demonstrates how ContextBased MicroTraining (CBMT) can be implemented and performs a usability evaluation of that implementation. CBMT is a method for information security training which has been developed over years of research. The paper demonstrates that the CBMT method can aid in the development of highly usable security training. The paper also emphasizes the need for user centered design in development of security software intended for end-users. 

    Download full text (pdf)
    FULLTEXT01
  • 18.
    Kävrestad, Joakim
    et al.
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Furnell, Steven
    School of Computer Science, University of Nottingham, UK.
    Nohlberg, Marcus
    Högskolan i Skövde, Institutionen för informationsteknologi.
    User perception of Context-Based Micro-Training – a method for cybersecurity training2024In: Information Security Journal, ISSN 1939-3555, E-ISSN 1939-3547, Vol. 33, no 2, p. 121-137Article in journal (Refereed)
    Abstract [en]

    User behavior is one of the biggest challenges to cybersecurity in modern organizations. Users are continuously targeted by attackers and required to have sufficient knowledge to spot and avoid such attacks. Different training methods are suggested and used in the industry to support users to behave securely. The challenge remains, and improved methods for end-user cybersecurity training are needed. This paper introduces and evaluates user perception of a method called Context-Based Micro-Training (CBMT). This approach suggests that training should be delivered in short sequences when the information is of direct relevance. The intention is to provide training directly related to the user’s current situation while also providing an awareness-increasing effect. This notion is tested in a survey-based evaluation involving 1,452 respondents from Sweden, Italy, and the UK, comparing the perception of CBMT against the experience of traditional approaches. The results emphasize that current methods are not effective enough and show that CBMT is perceived positively by respondents in all sample groups. The study further evaluated how demographic aspects impact the perception of CBMT and found that a diverse group of users can appreciate it.

    Download full text (pdf)
    FULLTEXT01
  • 19.
    Kävrestad, Joakim
    et al.
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Furnell, Steven
    University of Nottingham, UK.
    Nohlberg, Marcus
    Högskolan i Skövde, Institutionen för informationsteknologi.
    What Parts of Usable Security Are Most Important to Users?2021In: Information Security Education for Cyber Resilience: 14th IFIP WG 11.8 World Conference, WISE 2021, Virtual Event, June 22–24, 2021, Proceedings / [ed] Lynette Drevin; Natalia Miloslavskaya; Wai Sze Leung; Suné von Solms, Cham: Springer , 2021, p. 126-139Conference paper (Refereed)
    Abstract [en]

    The importance of the human aspects of cybersecurity cannot be overstated in light of the many cybersecurity incidents stemming from insecure user behavior. Users are supposed to engage in secure behavior by use of security features or procedures but those struggle to get widespread use and one hindering factor is usability. While several previous papers studied various usability factors in the cybersecurity domain, a common understanding of usable security is missing. Further, usability covers a large range of aspects and understanding what aspects users prioritize is integral for development of truly usable security features. This paper builds on previous work and investigates what usability factors users prioritize and what demographic factors that affects the perception of usability factors. This is done through a survey answered by 1452 respondents from Sweden, Italy and UK. The results show that users prefer security functions to minimize resource consumption in terms of cost, device performance and time. The study further demonstrate that users want security functions to require as little effort as possible and just work. Further, the study determines that nation of residence and IT-competence greatly impacts the perception of usability for security functions while gender and age does so to a much lesser extent.

  • 20.
    Kävrestad, Joakim
    et al.
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Gellerstedt, Martin
    Högskolan i Skövde, Institutionen för hälsovetenskaper.
    Nohlberg, Marcus
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Rambusch, Jana
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Survey of Users’ Willingness to Adopt and Pay for Cybersecurity Training2022In: Human Aspects of Information Security and Assurance: 16th IFIP WG 11.12 International Symposium, HAISA 2022, Mytilene, Lesbos, Greece, July 6–8, 2022, Proceedings / [ed] Nathan Clarke; Steven Furnell, Cham: Springer Nature Switzerland AG , 2022, p. 14-23Conference paper (Refereed)
    Abstract [en]

    The importance of user behaviour in the cybersecurity domain is widely acknowledged. Users face cyberthreats such as phishing and fraud daily, both at work and in their private use of technology. Using training interventions to improve users’ knowledge, awareness, and behaviour is a widely accepted approach to improving the security posture of users. Research into cybersecurity training has traditionally assumed that users are provided such training as members of an organization. However, users in their private capacity are expected to cater for their own security. This research addresses this gap with a survey where 1437 Swedish adults participated. Willingness to adopt and pay for different cybersecurity training types was measured. The included types were; training delivered to users in a context where the training is of direct relevance, eLearning and game-based training. The participants were most willing to adopt and pay for contextual training, while eLearning was the second most favoured training type. We also measured if willingness to pay and adopt cybersecurity training was impacted by the participant’s worry about various cyber threats. Surprisingly, no meaningful correlation was found, suggesting that something else than worry mediates willingness to adopt and pay for cybersecurity training. 

  • 21.
    Kävrestad, Joakim
    et al.
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Hagberg, Allex
    Xenolith AB, Skövde, Sweden.
    Nohlberg, Marcus
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Rambusch, Jana
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Roos, Robert
    Xenolith AB, Skövde, Sweden.
    Furnell, Steven
    School of Computer Science, University of Nottingham, UK.
    Evaluation of Contextual and Game-Based Training for Phishing Detection2022In: Future Internet, E-ISSN 1999-5903, Vol. 14, no 4Article in journal (Refereed)
    Abstract [en]

    Cybersecurity is a pressing matter, and a lot of the responsibility for cybersecurity is put on the individual user. The individual user is expected to engage in secure behavior by selecting good passwords, identifying malicious emails, and more. Typical support for users comes from Information Security Awareness Training (ISAT), which makes the effectiveness of ISAT a key cybersecurity issue. This paper presents an evaluation of how two promising methods for ISAT support users in acheiving secure behavior using a simulated experiment with 41 participants. The methods were game-based training, where users learn by playing a game, and Context-Based Micro-Training (CBMT), where users are presented with short information in a situation where the information is of direct relevance. Participants were asked to identify phishing emails while their behavior was monitored using eye-tracking technique. The research shows that both training methods can support users towards secure behavior and that CBMT does so to a higher degree than game-based training. The research further shows that most participants were susceptible to phishing, even after training, which suggests that training alone is insufficient to make users behave securely. Consequently, future research ideas, where training is combined with other support systems, are proposed

    Download full text (pdf)
    FULLTEXT01
  • 22.
    Kävrestad, Joakim
    et al.
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Hagberg, Allex
    Xenolith AB, Skövde, Sweden.
    Roos, Robert
    Xenolith AB, Skövde, Sweden.
    Rambusch, Jana
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Nohlberg, Marcus
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Usable Privacy and Security from the Perspective of Cognitive Abilities2022In: Privacy and Identity Management. Between Data Protection and Security: 16th IFIP WG 9.2, 9.6/11.7, 11.6/SIG 9.2.2 International Summer School, Privacy and Identity 2021, Virtual Event, August 16–20, 2021, Revised Selected Papers / [ed] Michael Friedewald; Stephan Krenn; Ina Schiering; Stefan Schiffner, Springer , 2022, 1, p. 105-121Chapter in book (Refereed)
    Abstract [en]

    Privacy, Information, and Cybersecurity (PICS) are related properties that have become a concern for more or less everyone. A large portion of the responsibility for PICS is put on the end-user, who is expected to adopt PICS tools, guidelines, and features to stay secure and maintain organizational security. However, the literature describes that many users do not adopt PICS tools and a key reason seems to be usability. This study acknowledges that the usability of PICS tools is a crucial concern and seeks to problematize further by adding cognitive ability as a key usability aspect. We argue that a user’s cognitive abilities determine how the user perceives the usability of PICS tools and that usability guidelines should account for varying cognitive abilities held by different user groups. This paper presents a case study with focus on how cognitive disabilities can affect the usability of PICS tools. Interviews with users with cognitive disabilities as well as usability experts, and experts on cognitive disabilities were conducted. The results suggest that many of the usability factors are shared by all users, cognitive challenges or not. However, cognitive challenges often cause usability issues to be more severe. Based on the results, several design guidelines for the usability of PICS tools are suggested.

  • 23.
    Kävrestad, Joakim
    et al.
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Huskaj, Gazmend
    Högskolan i Skövde, Institutionen för informationsteknologi.
    How the Civilian Sector in Sweden Perceive Threats from Offensive Cyberspace Operations2021In: Proceedings of the 20th European Conference on Cyber Warfare and Security / [ed] Thaddeus Eze; Lee Speakman; Cyril Onwubiko, Reading: ACI Academic Conferences International , 2021, p. 499-506Conference paper (Refereed)
    Abstract [en]

    The presence of state-sponsored actors executing offensive cyberspace operations (OCO) has been made evident in recent years. The term offensive cyberspace operations encompass a range of different actions, including cyberespionage, disinformation campaigns, spread of malware and more. Based on an analysis of past events, it is evident that state-sponsored actors are causing harm to the civilian sector using OCO. However, the degree to which civilian organizations understand the threat from state-sponsored actors is currently unknown. This research seeks to provide new a better understanding of OCO and their impact on civilian organizations. To highlight this domain, the case of the threat actor Advanced Persistent Threat 1 (APT1) is presented, and its impact on three civilian organizations discussed. Semi-structured interviews were used to research how the threats from OCO and state-sponsored actors are perceived by civilian organizations. First, a computational literature review was used to get an overview of related work and establish question themes. Next, the question themes were used to develop questions for the interview guide, followed by separate interviews with five security professionals working in civilian organizations. The interviews were analysed using thematic coding and the identified themes summarized as the result of this research. The results show that all respondents are aware of the threat from OCO, but they perceive it in different ways. While all respondents acknowledge state-sponsored actors at a threat agent executing OCO, some respondent’s argue that state-sponsored actors are actively seeking footholds in systems for future use while others state that the main goal of state-sponsored actors is to steal information. This suggests that the understanding of the threat imposed by OCO is limited, or at least inconsistent, among civilian security experts. As an interview study, the generalisability of this research is limited. However, it does demonstrate that the civilian society does not share a common view of the threat from state-sponsored actors and OCO. As such, it demonstrates a need for future research in this domain and can serve as a starting point for such projects.

    Download full text (pdf)
    FULLTEXT01
  • 24.
    Kävrestad, Joakim
    et al.
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Lennartsson, Markus
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Birath, Marcus
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Nohlberg, Marcus
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Constructing secure and memorable passwords2020In: Information and Computer Security, E-ISSN 2056-4961, Vol. 28, no 5, p. 701-717Article in journal (Refereed)
    Abstract [en]

    Purpose Using authentication to secure data and accounts has grown to be a natural part of computing. Even if several authentication methods are in existence, using passwords remain the most common type of authentication. As long and complex passwords are encouraged by research studies and practitioners alike, computer users design passwords using strategies that enable them to remember their passwords. This paper aims to find strategies that allow for the generation of passwords that are both memorable and computationally secure. Design/methodology/approach The study began with a literature review that was used to identify cognitive password creation strategies that facilitate the creation of passwords that are easy to remember. Using an action-based approach, attack models were created for the resulting creation strategies. The attack models were then used to calculate the entropy for passwords created with different strategies and related to a theoretical cracking time. Findings The result of this study suggests that using phrases with four or more words as passwords will generate passwords that are easy to remember and hard to attack. Originality/value This paper considers passwords from a socio-technical approach and provides insight into how passwords that are easy to remember and hard to crack can be generated. The results can be directly used to create password guidelines and training material that enables users to create usable and secure passwords.

  • 25.
    Kävrestad, Joakim
    et al.
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Lindvall, David
    Skövde Municipality, Sweden.
    Nohlberg, Marcus
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Combating digital exclusion with cybersecurity training – an interview study with Swedish seniors2023In: Human Aspects of Information Security and Assurance: 17th IFIP WG 11.12 International Symposium, HAISA 2023, Kent, UK, July 4–6, 2023, Proceedings / [ed] Steve Furnell; Nathan Clarke, Cham: Springer , 2023, p. 3-12Conference paper (Refereed)
    Abstract [en]

    While rapid digitalization is beneficial for a majority of all people, some people struggle to adopt digital technology. Not only do these persons miss the potential benefits of digitalization, but they are also suffering from the fact that many services are no longer provided in a non-digital way. Previous research suggests that a lack of security literacy and awareness is one driving factor behind the digital exclusion for senior citizens. To that end, this research focuses on cybersecurity training for seniors. Seniors are here defined as those aged above 65. Using interviews with eight seniors, this research evaluates the use of contextual training in this user group. The rationale is that contextual training has been found to have positive results in other user groups. The results suggest that contextual cybersecurity training can increase cybersecurity awareness for senior citizens and be appreciated by the users. The participants also confirm previous research describing that cybersecurity concerns are a driving factor behind digital exclusion and that contextual cybersecurity training can make seniors more comfortable adopting digital services.

  • 26.
    Kävrestad, Joakim
    et al.
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Marcus, Nohlberg
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Online Fraud Defence by Context Based Micro Training2015In: Online Fraud Defence by Context Based Micro Training / [ed] Steven M. Furnell; Nathan L. Clarke, University of Plymouth Press , 2015, p. 256-264Conference paper (Refereed)
    Abstract [en]

    Online frauds are a category of Internet crime that has been increasing globally over the past years. Online fraudsters use a lot of different arenas and methods to commit their crimes and that is making defence against online fraudsters a difficult task. Today we see continuous warnings in the daily press and both researchers and governmental web-pages propose that Internet users gather knowledge about online frauds in order to avoid victimisation. In this paper we suggest a framework for presenting this knowledge to the Internet users when they are about to enter a situation where they need it. We provide an evaluation of the framework that indicates that it can both make users less prone to fraudulent ads and more trusting towards legitimate ads. This is done with a survey containing 117 participants over two groups where the participants were asked to rate the trustworthiness of fraudulent and legitimate ads.. One groups used the framework before the rating and the other group did not. The results showed that, in our study, the participants using the framework put less trust in fraudulent ads and more trust in legitimate ads. 

    Download full text (pdf)
    FULLTEXT01
  • 27.
    Kävrestad, Joakim
    et al.
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Nohlberg, Marcus
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Assisting Users to Create Stronger Passwords Using ContextBased MicroTraining2020In: ICT Systems Security and Privacy Protection: 35th IFIP TC 11 International Conference, SEC 2020, Maribor, Slovenia, September 21–23, 2020, Proceedings / [ed] Marko Hölbl, Kai Rannenberg, Tatjana Welzer, Cham: Springer , 2020, p. 95-108Conference paper (Refereed)
    Abstract [en]

    In this paper, we describe and evaluate how the learning framework ContextBased MicroTraining (CBMT) can be used to assist users to create strong passwords. Rather than a technical enforcing measure, CBMT is a framework that provides information security training to users when they are in a situation where the training is directly relevant. The study is carried out in two steps. First, a survey is used to measure how well users understand password guidelines that are presented in different ways. The second part measures how using CBMT to present password guidelines affect the strength of the passwords created. This experiment was carried out by implementing CBMT at the account registration page of a local internet service provider and observing the results on user-created passwords. The results of the study show that users presented with passwords creation guidelines using a CBMT learning module do understand the password creation guidelines to a higher degree than other users. Further, the experiment shows that users presented with password guidelines in the form of a CBMT learning module do create passwords that are longer and more secure than other users. The assessment of password security was performed using the zxcvbn tool, developed by Dropbox, that measures password entropy.

  • 28.
    Kävrestad, Joakim
    et al.
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Nohlberg, Marcus
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Context-Based Micro-training2022In: Encyclopedia of Cryptography, Security and Privacy / [ed] Sushil Jajodia; Pierangela Samarati; Moti Yung, Springer , 2022Chapter in book (Refereed)
  • 29.
    Kävrestad, Joakim
    et al.
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Nohlberg, Marcus
    Högskolan i Skövde, Institutionen för informationsteknologi.
    ContextBased MicroTraining: A Framework for Information Security Training2020In: Human Aspects of Information Security and Assurance: 14th IFIP WG 11.12 International Symposium, HAISA 2020, Mytilene, Lesbos, Greece, July 8–10, 2020, Proceedings / [ed] Nathan Clarke, Steven Furnell, Cham: Springer , 2020, p. 71-81Conference paper (Refereed)
    Abstract [en]

    This paper address the emergent need for training measures designed to improve user behavior in regards to security. We do this by proposing a framework for information security training that has been developed for several years and over several projects. The result is the framework ContextBased MicroTraining (CBMT) which provides goals and guidelines for how to better implement information security training that supports the user in the situation where the user needs support. CBMT has been developed and tested for use in higher education as well as for the support of users during passwords creation. This paper presents version 1.0 of the framework with the latest renements.

  • 30.
    Kävrestad, Joakim
    et al.
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Nohlberg, Marcus
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Defining and modelling the online fraud process2018In: Proceedings of the twelfth International Symposium on Human Aspects of Information Security & Assurance: HAISA 2018 / [ed] Nathan L. Clarke; Steven M. Furnell, Plymouth: University of Plymouth Press , 2018, p. 203-213Conference paper (Refereed)
    Abstract [en]

    As we have become more and more active online so has online criminals. Looking at one type of Internet crimes, online frauds, it is apparent that any-one can be targeted by a fraudster online. It has also been shown that online frauds keep increasing from year to year. It has even been estimated that one third of the adult population in America encounters online fraudsters, annually. In this paper we aimed to increase the knowledge about online frauds. We did this by producing a model that describes the process and aspects of an online fraud as well as a proposed definition of the term "online fraud". In this paper, we present the model and definition that we created and demonstrate their usefulness. The usefulness is demonstrated in our validation step, where we applied the definition to known online fraud schemes. We also conducted an interview in which the model was said to be useful in order to explain how an online fraud scheme was carried out, during a criminal prosecution. As such, that demonstrates that our model can be used to increase the understanding of online frauds.

  • 31.
    Kävrestad, Joakim
    et al.
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Nohlberg, Marcus
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Evaluation Strategies for Cybersecurity Training Methods: A Literature Review2021In: Human Aspects of Information Security and Assurance: 15th IFIP WG 11.12 International Symposium, HAISA 2021, Virtual Event, July 7–9, 2021, Proceedings / [ed] Steven Furnell; Nathan Clarke, Cham: Springer , 2021, p. 102-112Conference paper (Refereed)
    Abstract [en]

    The human aspect of cybersecurity continues to present challenges to researchers and practitioners worldwide. While measures are being taken to improve the situation, a vast majority of security incidents can be attributed to user behavior. Security and Awareness Training (SAT) has been available for several decades and is commonly given as a suggestion for improving the cybersecurity behavior of end-users. However, attackers continue to exploit the human factor suggesting that current SAT methods are not enough. Researchers argue that providing knowledge alone is not enough, and some researchers suggest that many currently used SAT methods are, in fact, not empirically evaluated. This paper aims to examine how SAT has been evaluated in recent research using a structured literature review. The result is an overview of evaluation methods which describes what results that can be obtained using them. The study further suggests that SAT methods should be evaluated using a variety of methods since different methods will inevitably provide different results. The presented results can be used as a guide for future research projects seeking to develop or evaluate methods for SAT.

  • 32.
    Kävrestad, Joakim
    et al.
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Nohlberg, Marcus
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Using Context Based MicroTraining to Develop OER for the Benefit of All2019In: Proceedings of the 15th International Symposium on Open Collaboration, OpenSym 2019, 20-22 August 2019, Skövde, Sweden, New York: ACM Digital Library , 2019, article id A7Conference paper (Refereed)
    Abstract [en]

    This paper demonstrates how Context Based MicroTraining (CBMT) can be used to develop open educational resources in a way that benefits students enrolled in university courses as well as anyone who wants to participate in open-learning activities. CBMT is a framework that provides guidelines for how educational resources should be structured. CBMT stipulates that information should be presented in short sequences and that is relevant for the learner’s current situation. In this paper, CBMT is implemented in a practical ICT course using video lectures that are delivered as open educational resources using YouTube. The experiences of enrolled students as well as YouTube users are evaluated as well as the actual results of the enrolled students. The results of the study suggest that users of the video lectures appreciate the learning approach. The actual results, i.e. learning outcomes, of the enrolled students are maintained. The study also demonstrates how using CBMT as open educational resources can free up time for teachers and increase the quality of teaching by benefitting from community feedback.

  • 33.
    Kävrestad, Joakim
    et al.
    University of Skövde, Skövde, Sweden.
    Nohlberg, Marcus
    University of Skövde, Skövde, Sweden.
    Furnell, Steven
    University of Nottingham, Nottingham, United Kingdom.
    A taxonomy of SETA methods and linkage to delivery preferences2023In: Data Base for Advances in Information Systems, ISSN 0095-0033, Vol. 54, no 4, p. 107-133Article in journal (Refereed)
    Abstract [en]

    Cybersecurity threats targeting users are common in today’s information systems. Threat actors exploit human behavior to gain unauthorized access to systems and data. The common suggestion for addressing this problem is to train users to behave better using SETA programs. The notion of training users is old, and several SETA methods are described in scientific literature. Yet, incidents stemming from insecure user behavior continue to happen and are reported as one of the most common types of incidents. Researchers argue that empirically proven SETA programs are needed and point out focus on knowledge rather than behavior, and poor user adoption, as problems with existing programs. The present study aims to research user preferences regarding SETA methods, with the motivation that a user is more likely to adopt a program perceived positively. A qualitative approach is used to identify existing SETA methods, and a quantitative approach is used to measure user preferences regarding SETA delivery. We show that users prefer SETA methods to be effortless and flexible and outline how existing methods meet that preference. The results outline how SETA methods respond to user preferences and how different SETA methods can be implemented to maximize user perception, thereby supporting user adoption.

    Download full text (pdf)
    Fulltext
  • 34.
    Kävrestad, Joakim
    et al.
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Pettersson, Rickard
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Nohlberg, Marcus
    Högskolan i Skövde, Institutionen för informationsteknologi.
    The language effect in phishing susceptibility2020In: Proceedings of the 6th International Workshop on Socio-Technical Perspective in IS Development (STPIS 2020): Virtual conference in Grenoble, France, June 8-9, 2020 / [ed] Peter Bednar, Alexander Nolte, Mikko Rajanen, Helena Vallo Hult, Anna Sigridur Islind, Federico Pigni, CEUR-WS , 2020, p. 162-167Conference paper (Refereed)
    Abstract [en]

    Phishing has been, and remains to be, one of the most common types of social engineering. It is the act of tricking users to perform actions they normally wouldn’t using e-mail. Since phishing involves using technical measures to trick users, it is a social technical phenomenon that must be understood from the technical as well as the social side. While phishing and phishing susceptibility has been researched for decades, the effect of language ability on phishing susceptibility is underresearched. In this paper, we conducted a survey where we had swedes rate their English ability before classifying e-mails in Swedish and English as fraudulent or legitimate. The results shows that the respondents English ability does affect the ability to correctly identify legitimate emails and brings another piece to the puzzle of phishing susceptibility.

    Download full text (pdf)
    FULLTEXT01
  • 35.
    Kävrestad, Joakim
    et al.
    Jönköping University, School of Engineering, JTH, Department of Computer Science and Informatics.
    Rambusch, Jana
    University of Skövde, Skövde, Sweden.
    Nohlberg, Marcus
    University of Skövde, Skövde, Sweden.
    Design principles for cognitively accessible cybersecurity training2024In: Computers & security (Print), ISSN 0167-4048, E-ISSN 1872-6208, Vol. 137, article id 103630Article in journal (Refereed)
    Abstract [en]

    Exploiting human behavior to gain unauthorized access to computer systems has become common practice for modern cybercriminals. Users are expected to adopt secure behavior to avoid those attackers. This secure behavior requires cognitive processing and is often seen as a nuisance which could explain why attacks exploiting user behavior continues to be a fruitful approach for attackers. While adopting secure behavior can be difficult for any user, it can be even more difficult for users with cognitive disabilities. This research focuses on users with cognitive disabilities with the intent of developing design principles for the development of cognitively accessible cybersecurity training. The target group is estimated to include almost 10 % of all users but is previously understudied. The results show that the target group experience cybersecurity as cognitively demanding, sometimes to a degree that becomes incapacitating. Participating in cybersecurity training requires cognitive energy which is a finite resource. Cognitively accessible cybersecurity training requires a minimalist design approach and inclusion of accessibility functions. A minimalist design approach, in this case, means that both informative and design elements should be kept to a minimum. The rationale is that all such elements require cognitive processing which should be kept to a minimum.

  • 36.
    Kävrestad, Joakim
    et al.
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Skärgård, Marie
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Nohlberg, Marcus
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Users perception of using CBMT for information security training2019In: Proceedings of the Thirteenth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2019) / [ed] Steven M. Furnell; Nathan L. Clarke, University of Plymouth Press , 2019, p. 122-131Conference paper (Refereed)
    Abstract [en]

    It is well established that user behavior is a crucial aspect of information security and archivingsecure behavior through awareness and security training is the go-to solution proposed bypractitioners as well as the research community. Thus, there is a dire need for efficient trainingmethods for use in the security domain. This paper introduces ContextBased MicroTraining(CBMT), a framework for information security training that dictated that information securitytraining should be delivered to end users in short-sequences when the users are in a situationwhere the training is needed. Further, the users' perception of CBMT in evaluated in an onlinesurvey where about 200 respondents are subjected to training material and asked about how theyperceived them. The results show that users like the training material designed according to theCBMT framework and would prefer to use CBMT over other traditional methods of informationsecurity training.

  • 37.
    Kävrestad, Joakim
    et al.
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Zaxmy, Johan
    Högskolan i Skövde.
    Modig, Dennis
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Könsidentitet – dealbreakers vid utbildningsval2018In: NU2018 - Det akademiska lärarskapet, 2018, article id 705Conference paper (Refereed)
    Abstract [sv]

    Nätverks och systemadministration (NSA) är en teknisk IT utbildning som traditionellt sett haft en homogen studentgrupp, med nästan uteslutande manliga studenter. Det finns dock ett mål från Högskolelagen om att aktörer inom högre utbildning ska arbeta för en breddad rekrytering till högre utbildning och därmed med diversifierade studentgrupper (Sveriges Riksdag, 2018). Vidare finns det flera studier som påvisar att dynamiken i en grupp förbättras om den är mer diversifierad och detta ensamt är en anledning att bland annat sträva efter en jämnare könsfördelning (Curşeu et al. 2017; Curşeu & Sari, 2015; Hansen et al., 2015 ). För att arbeta vidare med att uppnå en jämnare könsfördelning på NSA-utbildningen har en enkätstudie bland studenterna i årskurs ett utförts. Syftet att kartlägga om det finns några skillnader mellan könen avseenden hur de upplever utbildningen och vilka aspekter de värderar högst vid valet av utbildning. Vi har valt att fokusera på befintliga studenter inom utbildningen i årskurs ett då den studentgruppen har ca 10 % kvinnliga studenter.

    Med studiens resultat hoppas vi kunna identifiera skillnader i vilka aspekter som är viktiga för studenter av olika kön när de väljer utbildning samt strukturer i utbildningen som bidrar till en snedvriden könsfördelning. Vi kan senare arbeta vidare med de problem vi identifierar och förhoppningsvis uppnå en jämnare könsfördelning på utbildningen.

    Enkäten skickades till 59 studenter på utbildningen, varav 21 svarade. Av dem angav 14 att de identifierade sig som män och 6 att de identifierade sig som kvinnor.  En person angav annat/vill ej uppge på frågan, detta svar har tagits bort från analysen då syftet är att se skillnader i svaren mellan män och kvinnor. I första delen av enkäten fick de svarande rangordna vilka av åtta egenskaper de värderade högst när de valde utbildning. Generellt så värderade alla svarande möjligheter till jobb, intresse för området och kunniga lärare högt. Den skillnad som kunde observeras mellan könen var dock att de kvinnliga svarande rankade möjligheterna till jobb högre än de manliga svarande. Samtliga kvinnliga sökande rankade möjligheten till jobb som den viktigaste eller näst viktigast aspekten, svaren från männen var mer varierande. 71 % av de manliga svarande att ”området är intressant” som den viktigaste aspekten där svaren från de kvinnliga deltagarna var mer spretiga.

    Deltagarna fick sedan svara på hur de upplevde utbildningen. Här observerades skillnader mellan hur män och kvinnor bedömde hur deras förkunskaper påverkade deras möjligheter att tillgodogöra sig utbildningen. Sammantaget svarade kvinnorna i högre grad att de saknat förkunskaper och därför haft svårt att tillgodogöra sig utbildningen. Något som stärker bilden att kvinnor valt utbildningen för att den leder till jobb i högre grad än de manliga svarande.

    Sammantaget visar enkäten att de män och kvinnor som deltagit i studien i stort rankar samma egenskaper hos en utbildning högt. De kvinnliga svarande lägger större vikt vid möjligheterna till jobb och de manliga rankar intresset för området högre.

     

     

     

     

    Referenser

    Curşeu, P. L., Chappin, M. M., & Jansen, R. J. (2017). Gender diversity and motivation in collaborative learning groups: the mediating role of group discussion quality. Social Psychology of Education, 1-14.

    Curşeu, P. L., & Sari, K. (2015). The effects of gender variety and power disparity on group cognitive complexity in collaborative learning groups. Interactive Learning Environments, 23(4), 425-436.

    Hansen, Z., Owan, H., & Pan, J. (2015). The impact of group diversity on class performance: evidence from college classrooms. Education Economics, 23(2), 238-258.

    Sveriges Riksdag (2018). Högskolelag (1192:1434). Tillgänglig på internet: https://www.riksdagen.se/sv/dokument-lagar/dokument/svensk-forfattningssamling/hogskolelag-19921434_sfs-1992-1434 [Hämtad 2018-02-13]

  • 38.
    Kävrestad, Joakim
    et al.
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Zaxmy, Johan
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Nohlberg, Marcus
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Analysing the Usage of Character Groups and Keyboard Patterns in Password Usage2019In: Proceedings of the Thirteenth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2019) / [ed] Steven M. Furnell, Nathan L. Clarke, University of Plymouth Press , 2019, p. 155-165Conference paper (Refereed)
    Abstract [en]

    Even with the advances in different methods for authentication, passwords remain the mostcommon approach for authentication as well as for encryption of user data. Password guessingattacks have grown to be a vital part of computer forensics as well as penetration testing. In thispaper, we seek to provide a statistical analysis of password composition by analyzing whatcharacter sets that are most commonly used in over 1 billion leaked passwords in over 20different databases. Further, we use a survey to analyze if users that actively encrypt data differfrom the norm. The results of this study suggest that American lowercase letters and numbersare the, by far, most commonly used character sets and that users who actively encrypt data usekeyboard patterns and special characters more frequently than the average user.

  • 39.
    Kävrestad, Joakim
    et al.
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Zaxmy, Johan
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Nohlberg, Marcus
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Analyzing the usage of character groups and keyboard patterns in password creation2020In: Information and Computer Security, E-ISSN 2056-4961, Vol. 28, no 3, p. 347-358Article in journal (Refereed)
    Abstract [en]

    Purpose

    Using passwords to keep account and data safe is very common in modern computing. The purpose of this paper is to look into methods for cracking passwords as a means of increasing security, a practice commonly used in penetration testing. Further, in the discipline of digital forensics, password cracking is often an essential part of a computer examination as data has to be decrypted to be analyzed. This paper seeks to look into how users that actively encrypt data construct their passwords to benefit the forensics community.

    Design/methodology/approach

    The study began with an automated analysis of over one billion passwords in 22 different password databases that leaked to the internet. The study validated the result with an experiment were passwords created on a local website was analyzed during account creation. Further a survey was used to gather data that was used to identify differences in password behavior between user that actively encrypt their data and other users.

    Findings

    The result of this study suggests that American lowercase letters and numbers are present in almost every password and that users seem to avoid using special characters if they can. Further, the study suggests that users that actively encrypt their data are more prone to use keyboard patterns as passwords than other users.

    Originality/value

    This paper contributes to the existing body of knowledge around password behavior and suggests that password-guessing attacks should focus on American letters and numbers. Further, the paper suggests that forensics experts should consider testing patterns-based passwords when performing password-guessing attacks against encrypted data.

  • 40.
    Kävrestad, Joakim
    et al.
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Åhlfeldt, Rose-Mharie
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Nohlberg, Marcus
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Karonen, Johani
    Högskolan i Skövde.
    Kowalski, Stewart
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Spiraling out in control: A Video Cartesian Dialectic on a Socio-technical Approach to Teaching Privacy, Information- and Cyber Security (PICS)2019In: Socio-Technical Perspective in IS Development 2019: Proceedings of the 5th International Workshop on Socio-Technical Perspective in IS Development (STPIS 2019) co-located with 27th European Conference on Information Systems (ECIS 2019) / [ed] Stewart Kowalski; Peter Bednar; Alexander Nolte; Ilia Bider, CEUR-WS , 2019, p. 153-155Conference paper (Refereed)
    Download full text (pdf)
    FULLTEXT01
  • 41.
    Lennartsson, Markus
    et al.
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Kävrestad, Joakim
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Nohlberg, Marcus
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Exploring the Meaning of "Usable Security"2020In: Human Aspects of Information Security and Assurance: 14th IFIP WG 11.12 International Symposium, HAISA 2020, Mytilene, Lesbos, Greece, July 8–10, 2020, Proceedings / [ed] Clarke, Nathan, Furnell, Steven, Cham: Springer , 2020, p. 247-258Conference paper (Refereed)
    Abstract [en]

    While there are many examples of incidents that make theneed for more work around the human aspects of security apparent, theliterature makes it obvious that usable security can mean many dierentthings and usable security is a complex matter. This paper reports on astructured literature review that analyzed what the research communityconsiders to be included in the term "usable security". Publications fromthe past ve years were analyzed and dierent perceptions of usablesecurity were gathered. The result is a listing of the dierent aspectsthat are discussed under the term "usable security" and can be used as areference for future research of practitioners who are developing securityfunctions with usability in mind.

  • 42.
    Lennartsson, Markus
    et al.
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Kävrestad, Joakim
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Nohlberg, Marcus
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Exploring the meaning of usable security – a literature review2021In: Information and Computer Security, E-ISSN 2056-4961, Vol. 29, no 4, p. 647-663Article, review/survey (Refereed)
    Abstract [en]

    Purpose

    For decades, literature has reported on the perceived conflict between usability and security. This mutual trade-off needs to be considered and addressed whenever security products are developed. Achieving well-balanced levels of both is a precondition for sufficient security as users tend to reject unusable solutions. To assess it correctly, usability should be evaluated in the context of security. This paper aims to identify and describe universally applicable and solution-independent factors that affect the perceived usability of security mechanisms.

    Design/methodology/approach

    The selected methodology was a systematic literature review during which multiple database resources were queried. Application of predefined selection criteria led to the creation of a bibliography before backward snowballing was applied to minimize the risk of missing material of importance. All 70 included publications were then analyzed through thematic analysis.

    Findings

    The study resulted in the identification of 14 themes and 30 associated subthemes representing aspects with reported influence on perceived usability in the context of security. While some of them were only mentioned sparsely, the most prominent and thus presumably most significant ones were: simplicity, information and support, task completion time, error rates and error management.

    Originality/value

    The identified novel themes can increase knowledge about factors that influence usability. This can be useful for different groups: end users may be empowered to choose appropriate solutions more consciously, developers may be able to avoid common usability pitfalls when designing new products and system administrators may benefit from a better understanding of how to configure solutions and how to educate users efficiently.

    Download full text (pdf)
    FULLTEXT01
  • 43.
    Lindqvist, Gunnar
    et al.
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Kävrestad, Joakim
    Högskolan i Skövde, Institutionen för informationsteknologi.
    How Privacy Concerns Impact Swedish Citizens’ Willingness to Report Crimes2022In: Human Aspects of Information Security and Assurance: 16th IFIP WG 11.12 International Symposium, HAISA 2022, Mytilene, Lesbos, Greece, July 6–8, 2022, Proceedings / [ed] Nathan Clarke; Steven Furnell, Cham: Springer Nature Switzerland AG , 2022, p. 209-217Conference paper (Refereed)
    Abstract [en]

    In today’s information technology-driven world, most criminal acts leave digital evidence. In such cases, cooperation through the handover of digital devices such as mobile phones from victims is a success factor that enables evidence-seeking through digital forensics. Unfortunately, forensic examinations of devices can become an additional negative consequence due to privacy invasion. Privacy invasion can make crime victims less cooperative and less willing to report crimes. To address this problem, we surveyed 400 Swedish adults to identify their hypothetical willingness to report certain crimes. The survey examined the impact a mobile phone handover made on the willingness to report a crime. Our findings demonstrate that mobile phone handover resulted in a significantly lower willingness to report crimes. However, the data could not show privacy as a common tendency cause. The presented results can be used as a reference for further research on attitudes and behaviours regarding the subject. 

  • 44.
    Lindqvist, Gunnar
    et al.
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Kävrestad, Joakim
    Högskolan i Skövde, Institutionen för informationsteknologi.
    How privacy concerns impact Swedish citizens’ willingness to report crimes: a quantitative mobile phone survey2023In: Information and Computer Security, E-ISSN 2056-4961, Vol. 31, no 3, p. 304-315Article in journal (Refereed)
    Abstract [en]

    Purpose

    The purpose of this paper is to identify whether there is a lower willingness to report a crime if a victim must hand in their mobile phone as evidence. If that is the case, the research seeks to examine whether privacy concerns and lower willingness correlate with one another and thereby investigate whether privacy concerns could lead to fewer crimes being reported and resolved.

    Design/methodology/approach

    A mobile phone survey was distributed to 400 Swedish adults to identify their hypothetical willingness to report certain crimes with and without handing in their mobile phones as evidence. The results were then analysed using inferential statistics.

    Findings

    The result suggests that there is no meaningful correlation between privacy attitudes and willingness to report crime when the handover of a mobile phone is necessary. The results of this study however show a significant lower willingness to report crimes when the mobile phone must be handed in.

    Research limitations/implications

    Because the chosen target group were Swedish adults, the research results may lack generalisability for other demographics. Therefore, researchers are encouraged to test other demographics.

    Originality/value

    This paper’s contribution is the novel exploration of attitudes and behaviours regarding the combination of privacy, digital forensics, mobile phones and crime reportage. This research effort examined the problematic situation that can arise for victims of crime, the invasion of privacy when providing evidence by handing in a mobile phone to the police’s forensic unit for examination.

    Download full text (pdf)
    FULLTEXT01
  • 45.
    Lindqvist, Gunnar
    et al.
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Kävrestad, Joakim
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Modig, Dennis
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Padyab, Ali Mohammad
    Högskolan i Skövde, Institutionen för informationsteknologi.
    How do Bitcoin Users Manage Their Private Keys?2021In: Proceedings of the 7th International Workshop on Socio-Technical Perspective in IS Development (STPIS 2021): Virtual conference in Trento, Italy, October 11-12, 2021 / [ed] Peter Bednar; Alexander Nolte; Mikko Rajanen; Anna Sigridur Islind; Fatema Zaghloul; Helena Vallo Hult; Aurelio Ravarini; Alessio Maria Braccini, 2021, p. 11-21, article id paper 2Conference paper (Refereed)
    Abstract [en]

    Bitcoin has emerged as the most recognisable cryptocurrency due to its usages as a speculative asset,medium of exchange and store of value. The fundamental characteristics of trustless and secure soundmoney have made it appealing to people. As a result of the immutability of Bitcoin, monetary lossescaused by user security mistakes such as lose possession of private keys may hinder Bitcoin usage. Wesurveyed 339 Bitcoin users to explore the interaction between individuals and the technology of Bitcoinof how they safeguard their Bitcoin private keys. The results showed that users employed technologiesto enhance the protection of their Bitcoin private keys, such as encryption and multi-signature. However,a proportion of users employed less secure approaches. The study results suggest that users preferencrypting their private keys rather than multi-signature due to convenience and ease of use. Hardwarewallets were moreover the most used wallet by the participants. 

    Download full text (pdf)
    FULLTEXT01
  • 46.
    Modig, Dennis
    et al.
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Kävrestad, Joakim
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Gender equality in technical IT study programs on university level2018In: NU2018 - Det akademiska lärarskapet, 2018, article id 670Conference paper (Refereed)
    Abstract [en]

    One major issue in technical university study programs in IT is to get an even distribution of students of different genders in the classes. A consequence of having so few women in IT related study programs is that there will be an uneven distribution at technical IT positions at companies as well in the society, according to SCB (2016) only 20 % of the available IT maintenance, support and network technician positions where held by women in 2016. Network- and Systems administration at University of Skövde have this problem since the start in 2004, the common case is that between three and 11 percent of the admitted students are female and the rest are male. The case appears to be the same in rest of Europe as well in the US, mainly in technical branches of the IT educations (Riveiro, Bergström & Carlén, 2012; Beaubouef & Zhang, 2011).

    To find out the extent of the problem within the field of network and systems administration, interviews were made with program coordinators from similar study programs that teach within the subject. Collection of admission statistics for men and women on the different study programs was also done. The program coordinators where asked questions about how they perceive the gender balance in their study programs, which actions they have taken to improve it, which actions should be taken to improve the gender balance in the future, if there are any female role models within the courses and what they think could be the key to improve the gender balance in these kind of study programs.

    In this study, nine study programs that are similar in content to the network- and systems administration program of University of Skövde was identified. Six of the program coordinators participated in the interviews. The results from the collected admission statistics shows that women don’t tend to choose these kind of programs, roughly 10% of the newly admitted students are women each year. The results from the interviews show that the problem is across all study programs within the area of network- and systems administration. The identified problems where that the technical IT interest must be developed at an earlier age for many of the women if they are to be interested in applying. Further, equality problems often shows in the classroom environment, e.g. “boy talk” from the male students, making the women feel left out. Four out of six program coordinators think that increasing the interest of the subject early in age is the solution of the problem and that high school is too late for this kind of influence. One university had started a long term project with middle school pupils to increase the interest in technical IT of girls, as this is a project that cover early ages, results may be seen many years from now at university level. Two program coordinators mentioned that the content could be wider to include the areas of the field that is more interesting to both male and female students.

     

    References

    Beaubouef, T. & Zhang, W. (2011) Where are the women computer science students? Journal of Computing Sciences in Colleges, volume 26, Issue 4.

    Riveiro, M., Bergström, E. & Carlén, U. (2012) Inför en ökad jämställdhet i datavetenskapliga utbildningsprogram. Conference NU 2012.

    SCB (2016) Anställda 16 – 64 år efter Yrke (SSYK 2012) näringsgren SNI 2007, ålder, kön och år [Electronic]. Stockholm: SCB. Available on Internet: http://www.statistikdatabasen.scb.se/pxweb/sv/ssd/START__AM__AM0208__AM0208B/YREG61/?rxid=f45f90b6-7345-4877-ba25-9b43e6c6e299 [Retrieved 2018-03-19]

  • 47.
    Nohlberg, Marcus
    et al.
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Kävrestad, Joakim
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Exploring Information Security and Domestic Equality2020In: Human Aspects of Information Security and Assurance: 14th IFIP WG 11.12 International Symposium, HAISA 2020, Mytilene, Lesbos, Greece, July 8–10, 2020, Proceedings / [ed] Nathan Clarke, Steven Furnell, Cham: Springer , 2020, p. 224-232Conference paper (Refereed)
    Abstract [en]

    It is well known that men and women dier in terms of securitybehavior. For instance, studies report that gender plays a role insecurity non-compliance intentions, malware susceptibility, and securityself-ecacy. While one reason for gender-based dierences can be thatwomen are vastly underrepresented in the community of security professionals,the impact that gender dierences in security behavior haveon equality is an underresearched area. This paper argues that cyberinequalitycan impact domestic inequality and even be an enabler fordomestic abuse. This paper intends to shed light on how digitalizationworks in households in order to problematize around equality in the digitalera. It reports on a survey that measures dierent factors of personalinformation security and shows that men and women do indeed dierin personal information security behavior on a number of points suchas men being more inuential when it comes to ICT decisions in thehousehold.

  • 48.
    Nordberg, Pontus
    et al.
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Kävrestad, Joakim
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Nohlberg, Marcus
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Automatic Detection of Fake News2020In: Proceedings of the 6th International Workshop on Socio-Technical Perspective in IS Development (STPIS 2020): Virtual conference in Grenoble, France, June 8-9, 2020, CEUR-WS , 2020, p. 168-179Conference paper (Refereed)
    Abstract [en]

    Following the American presidential election in 2016, the terms ”fake news” was popularized and has since been a common term in the public vocabulary. While quite recently popularized, fake news is a phenomenon that is as old as news itself and is most commonly defined as purposeful disinformation used to untrue information or skewed reporting intended to push a certain narrative. In recent years, fake news has seen frequently in attempts to influence elections or by organized crime organizations in various efforts to make money, not least drawing from the ongoing CoVid-19 pandemic. We argue that the phenomenon must be researched from technical as well as from social aspects, since it involved using technical tools to spread information targeted humans. In this paper, we identify key methods for automatic fake news detection in order to lay the foundation for end-user support system designed to help users identify and avoid fake news.

    Download full text (pdf)
    FULLTEXT01
  • 49.
    Padyab, Ali
    et al.
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Kävrestad, Joakim
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Perceived Privacy Problems Within Digital Contact Tracing: A Study Among Swedish Citizens2021In: ICT Systems Security and Privacy Protection / [ed] Audun Jøsang; Lynn Futcher; Janne Hagen, Cham: Springer , 2021, p. 270-283Conference paper (Refereed)
    Abstract [en]

    Several governments employed digital contact tracing using smartphone apps to combat the COVID-19 pandemic in 2020. Research shows that privacy concerns hinder the adoption of such apps, while privacy problems which emerged by using them are empirically unknown. This study aims to uncover the dimensions of privacy problems available in digital contact tracing through a survey from 453 citizens in Sweden. Our results show that respondents found privacy problems regarding surveillance, identification, aggregation, secondary use, disclosure, and stigma highly relevant in contact tracing apps. Among demographic factors, younger respondents were generally more concerned about privacy risks than older respondents. This study extends previous literature by revealing privacy problems arising from contact tracing apps.

  • 50.
    Salek, Aous Al
    et al.
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Kävrestad, Joakim
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Nohlberg, Marcus
    Högskolan i Skövde, Institutionen för informationsteknologi.
    Exploring Experiences of Using SETA in Nordic Municipalities2021In: Human Aspects of Information Security and Assurance: 15th IFIP WG 11.12 International Symposium, HAISA 2021, Virtual Event, July 7–9, 2021, Proceedings / [ed] Steven Furnell; Nathan Clarke, Cham: Springer , 2021, p. 22-31Conference paper (Refereed)
    Abstract [en]

    User behavior is a key aspect of cybersecurity and it is well documented that insecure user behavior is the root cause of the majority of all cybersecurity incidents. Security Education, Training, and Awareness (SETA) is described by practitioners and researchers as the most important tool for improving cybersecurity behavior and has been for several decades. Further, there are several ways to work with SETA found in academic literature and a lot of research into various aspects of SETA effectiveness. However, the problem of insecure user behavior remains revealing a need for further research in the domain. While previous research have looked at the users’ experience of SETA, this study looks at SETA adoption from the perspective of the adopting organization. For this purpose, a survey was sent out to all Nordic municipalities with the intent of measuring if and how SETA is conducted, and how the respondents would ideally like to conduct SETA. The results show that a majority of the participating organizations use SETA and that e-learning is the most common delivery method. However, the results also show that gamification and embedded training is seldom used in practice nor a part of the participants’ picture of ideal SETA.

12 1 - 50 of 51
CiteExportLink to result list
Permanent link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf