Visible to the public SBE: Small: Collaborative: Improving Security Behavior of Employees in Cyberspace through Evidence-based Malware Reports and E-Learning MaterialsConflict Detection Enabled

Project Details

Lead PI

Performance Period

Sep 15, 2013 - Aug 31, 2017


Old Dominion University Research Foundation

Award Number

Outcomes Report URL

As the use of Web applications has increased, malicious content and cyber attacks are rapidly increasing in both their frequency and their sophistication. For unwary users and their organizations, social media sites such as Tumblr, Facebook, MySpace, Twitter, and LinkedIn pose a variety of serious security risks and threats. Recent studies show that social media sites are more in use for delivering malware than were previously popular methods of email delivery. Because of this, many organizations are looking for ways to implement effective security policies. Getting employees to comply with a security policy, however, can be a significant challenge.

Studies show that the weakest link in a security chain is users. Thus, organizations need to find innovative methods to increase their employees' security awareness and their capabilities to engage in online security behavior. This project aims to study the factors that affect cyber security behavior, and use customized and evidence-based malware reports and e-learning materials to help employees more deeply understand their security risks and to improve their security behavior. The first stage of this project will be a large-scale survey study to identify key factors that affect organizational employees' security behavior. These data will be used to develop a psychological decision-making model for cyber security compliance. The second stage of this project will be a controlled experimental study to compare the effectiveness of different evidence-based interventions designed to increase employees' cyber security compliance.

This project will contribute to the understanding of cyber security behaviors of employees and the development of more effective cyber security policies. The developed model will explain and predict how various factors affect employees' cyber security behaviors. Project results will contribute to the psychological, behavioral, and educational theories relating to the basic processes by which people assess vulnerabilities and threats, choose adaptive or maladaptive coping strategies, and adopt new coping strategies. Through educational workshops, a project portal, journal publications, and conference presentations, the results of the project will reach a broad audience that includes corporate IT directors, managers, employees, researchers and practitioners in various industries such as real estate, financial services, logistics and supply chain, insurance and education.