Bibliography for IY5613: Human Aspects of Information Security and Privacy

Acquisti, A. and Grossklags, J. (2005) ‘Privacy and Rationality in Individual Decision Making’, IEEE Security and Privacy Magazine, 3(1), pp. 26–33. Available at: https://doi.org/10.1109/MSP.2005.22.

Adams, A. and Sasse, M.A. (1999) ‘Users Are Not the Enemy’, Communications of the ACM, 42(12), pp. 40–46. Available at: https://doi.org/10.1145/322796.322806.

Arıcak, O.T., Dündar, Ş. and Saldaña, M. (2015) ‘Mediating Effect of Self-Acceptance Between Values and Offline/online Identity Expressions Among College Students’, Computers in Human Behavior, 49, pp. 362–374. Available at: https://doi.org/10.1016/j.chb.2015.03.025.

Bulgurcu, B., Cavusoglu, H. and Benbasat, I. (2010) ‘Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security Awareness’, MIS Quarterly, 34(3). Available at: https://doi.org/10.2307/25750690.

Cho, H., Lee, J.-S. and Chung, S. (2010) ‘Optimistic Bias About Online Privacy Risks: Testing the Moderating Effects of Perceived Controllability and Prior Experience’, Computers in Human Behavior, 26(5), pp. 987–995. Available at: https://doi.org/10.1016/j.chb.2010.02.012.

Cialdini, R.B. (2007) Influence: The Psychology of Persuasion. Revised edition. New York: Collins.

Cialdini, R.B. (2009) Influence: The Psychology of Persuasion. EPub edition. New York: Collins. Available at: https://www.safaribooksonline.com/library/view/-/9780061899874/?ar.

Ciampa, M.D. (2017) Security Awareness: Applying Practical Security in Your World. Fifth edition. Australia: Cengage Learning.

Clarke, R. (2009) ‘Privacy Impact Assessment: Its Origins and Development’, Computer Law & Security Review, 25(2), pp. 123–135. Available at: https://doi.org/10.1016/j.clsr.2009.02.002.

Colwill, C. (2009) ‘Human Factors in Information Security: The Insider Threat – Who Can You Trust These Days?’, Information Security Technical Report, 14(4), pp. 186–196. Available at: https://doi.org/10.1016/j.istr.2010.04.004.

Da Veiga, A. and Eloff, J.H.P. (2010) ‘A Framework and Assessment Instrument for Information Security Culture’, Computers & Security, 29(2), pp. 196–207. Available at: https://doi.org/10.1016/j.cose.2009.09.002.

Dennedy, M.F., Fox, J. and Finneran, T.R. (2014) The Privacy Engineer’s Manifesto: Getting From Policy to Code to QA to Value. [Place of publication not identified]: Apress Open.

Dourish, P. and Anderson, K. (2006) ‘Collective Information Practice: Exploring Privacy and Security as Social and Cultural Phenomena’, Human-Computer Interaction, 21(3), pp. 319–342. Available at: https://doi.org/10.1207/s15327051hci2103_2.

Gupta, M. and Sharman, R. (2009) Social and Human Elements of Information Security: Emerging Trends and Countermeasures. Hershey, PA: Information Science Reference. Available at: http://ezproxy01.rhul.ac.uk/login?url=http://www.dawsonera.com/depp/reader/protected/external/AbstractView/S9781605660370.

Hadnagy, C. (2010) Social Engineering: The Art of Human Hacking. John Wiley & Sons.

Hadnagy, C. (2011) Social Engineering: The Art of Human Hacking. Indianapolis, Ind: Wiley. Available at: http://ezproxy01.rhul.ac.uk/login?url=http://www.dawsonera.com/depp/reader/protected/external/AbstractView/S9781118028018.

Herath, T. and Rao, H.R. (2009) ‘Encouraging Information Security Behaviors in Organizations: Role of Penalties, Pressures and Perceived Effectiveness’, Decision Support Systems, 47(2), pp. 154–165. Available at: https://doi.org/10.1016/j.dss.2009.02.005.

Herath, T. and Rao, H Raghav (2009) ‘Protection Motivation and Deterrence: A Framework for Security Policy Compliance in Organisations’, European Journal of Information Systems, 18(2), pp. 106–125. Available at: https://doi.org/10.1057/ejis.2009.6.

Hovav, A. and D’Arcy, J. (2012) ‘Applying an Extended Model of Deterrence Across Cultures: An Investigation of Information Systems Misuse in the U.S. and South Korea’, Information & Management, 49(2), pp. 99–110. Available at: https://doi.org/10.1016/j.im.2011.12.005.

Ifinedo, P. (2012) ‘Understanding Information Systems Security Policy Compliance: An Integration of the Theory of Planned Behavior and the Protection Motivation Theory’, Computers & Security, 31(1), pp. 83–95. Available at: https://doi.org/10.1016/j.cose.2011.10.007.

Johnston and Warkentin (2010) ‘Fear Appeals and Information Security Behaviors: An Empirical Study’, MIS Quarterly, 34(3). Available at: https://doi.org/10.2307/25750691.

Leeuw, K. de and Bergstra, J.A. (2007a) The History of Information Security: A Comprehensive Handbook. Amsterdam: Elsevier.

Leeuw, K. de and Bergstra, J.A. (2007b) The History of Information Security: A Comprehensive Handbook. Amsterdam: Elsevier. Available at: http://ezproxy01.rhul.ac.uk/login?url=http://www.dawsonera.com/depp/reader/protected/external/AbstractView/S9780080550589.

Magnusson, J. (2013) ‘Intentional Decentralization and Instinctive Centralization’, Information Resources Management Journal, 26(4), pp. 1–17. Available at: https://doi.org/10.4018/irmj.2013100101.

Mitnick, K.D. and Simon, W.L. (2011) Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker. New York: Little, Brown.

Okenyi, P.O. and Owens, T.J. (2007) ‘On the Anatomy of Human Hacking’, Information Systems Security, 16(6), pp. 302–314. Available at: https://doi.org/10.1080/10658980701747237.

Öqvist, K.L. (2018a) Hands-On Guide to GDPR Compliance: Privacy by Design, Privacy by Default. Portsmouth, NH: International Association for Privacy Professionals.

Öqvist, K.L. (2018b) Hands-On Guide to GDPR Compliance: Privacy by Design, Privacy by Default. Portsmouth, NH: International Association for Privacy Professionals.

Pfleeger, S.L., Sasse, M.A. and Furnham, A. (2014) ‘From Weakest Link to Security Hero: Transforming Staff Security Behavior’, Journal of Homeland Security and Emergency Management, 11(4). Available at: https://doi.org/10.1515/jhsem-2014-0035.

Safa, N.S. (2016) ‘Human Aspects of Information Security in Organisations’, Computer Fraud & Security, 2016(2), pp. 15–18. Available at: https://doi.org/10.1016/S1361-3723(16)30017-3.

Sharman, R. and Gupta, M. (2008) Social and Human Elements of Information Security: Emerging Trends and Countermeasures. Hershey, Pa: Information Science Reference.

Smith, G.M. (2005) ‘Into Cerberus’ Lair: Bringing the Idea of Security to Light’, The British Journal of Politics and International Relations, 7(4), pp. 485–507. Available at: https://doi.org/10.1111/j.1467-856x.2005.00204.x.

Warren, S.D. and Brandeis, L.D. (1890) ‘The Right to Privacy’, Harvard Law Review, 4(5). Available at: https://doi.org/10.2307/1321160.

Wilson, M. and Hash, J. (no date) ‘Building an Information Technology Security Awareness and Training Program’. Available at: https://ws680.nist.gov/publication/get_pdf.cfm?pub_id=151287.

Wright, D. and Hert, P. de (eds) (2012) Privacy Impact Assessment. Dordrecht: Springer.

Bibliography for IY5613: Human Aspects of Information Security and Privacy BETA