Bibliography for IY5613: Human Aspects of Information Security and Privacy BETA

Acquisti, A., and J. Grossklags, ‘Privacy and Rationality in Individual Decision Making’, IEEE Security and Privacy Magazine, 3.1 (2005), 26–33 <https://doi.org/10.1109/MSP.2005.22>

Adams, Anne, and Martina Angela Sasse, ‘Users Are Not the Enemy’, Communications of the ACM, 42.12 (1999), 40–46 <https://doi.org/10.1145/322796.322806>

Arıcak, Osman Tolga, Şahin Dündar, and Mark Saldaña, ‘Mediating Effect of Self-Acceptance Between Values and Offline/Online Identity Expressions Among College Students’, Computers in Human Behavior, 49 (2015), 362–74 <https://doi.org/10.1016/j.chb.2015.03.025>

Bulgurcu, Burcu, Hasan Cavusoglu, and Izak Benbasat, ‘Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security Awareness’, MIS Quarterly, 34.3 (2010) <https://doi.org/10.2307/25750690>

Cho, Hichang, Jae-Shin Lee, and Siyoung Chung, ‘Optimistic Bias About Online Privacy Risks: Testing the Moderating Effects of Perceived Controllability and Prior Experience’, Computers in Human Behavior, 26.5 (2010), 987–95 <https://doi.org/10.1016/j.chb.2010.02.012>

Cialdini, Robert B., Influence: The Psychology of Persuasion, Revised edition (New York: Collins, 2007)

———, Influence: The Psychology of Persuasion, EPub edition (New York: Collins, 2009) <https://www.safaribooksonline.com/library/view/-/9780061899874/?ar>

Ciampa, Mark D., Security Awareness: Applying Practical Security in Your World, Fifth edition (Australia: Cengage Learning, 2017)

Clarke, Roger, ‘Privacy Impact Assessment: Its Origins and Development’, Computer Law & Security Review, 25.2 (2009), 123–35 <https://doi.org/10.1016/j.clsr.2009.02.002>

Colwill, Carl, ‘Human Factors in Information Security: The Insider Threat – Who Can You Trust These Days?’, Information Security Technical Report, 14.4 (2009), 186–96 <https://doi.org/10.1016/j.istr.2010.04.004>

Da Veiga, A., and J.H.P. Eloff, ‘A Framework and Assessment Instrument for Information Security Culture’, Computers & Security, 29.2 (2010), 196–207 <https://doi.org/10.1016/j.cose.2009.09.002>

Dennedy, Michelle Finneran, Jonathan Fox, and Thomas R. Finneran, The Privacy Engineer’s Manifesto: Getting From Policy to Code to QA to Value ([Place of publication not identified]: Apress Open, 2014)

Dourish, Paul, and Ken Anderson, ‘Collective Information Practice: Exploring Privacy and Security as Social and Cultural Phenomena’, Human-Computer Interaction, 21.3 (2006), 319–42 <https://doi.org/10.1207/s15327051hci2103_2>

Gupta, Manish, and Raj Sharman, Social and Human Elements of Information Security: Emerging Trends and Countermeasures (Hershey, PA: Information Science Reference, 2009) <http://ezproxy01.rhul.ac.uk/login?url=http://www.dawsonera.com/depp/reader/protected/external/AbstractView/S9781605660370>

Hadnagy, Christopher, Social Engineering: The Art of Human Hacking (John Wiley & Sons, 2010)

———, Social Engineering: The Art of Human Hacking (Indianapolis, Ind: Wiley, 2011) <http://ezproxy01.rhul.ac.uk/login?url=http://www.dawsonera.com/depp/reader/protected/external/AbstractView/S9781118028018>

Herath, Tejaswini, and H Raghav Rao, ‘Protection Motivation and Deterrence: A Framework for Security Policy Compliance in Organisations’, European Journal of Information Systems, 18.2 (2009), 106–25 <https://doi.org/10.1057/ejis.2009.6>

Herath, Tejaswini, and H.R. Rao, ‘Encouraging Information Security Behaviors in Organizations: Role of Penalties, Pressures and Perceived Effectiveness’, Decision Support Systems, 47.2 (2009), 154–65 <https://doi.org/10.1016/j.dss.2009.02.005>

Hovav, Anat, and John D’Arcy, ‘Applying an Extended Model of Deterrence Across Cultures: An Investigation of Information Systems Misuse in the U.S. and South Korea’, Information & Management, 49.2 (2012), 99–110 <https://doi.org/10.1016/j.im.2011.12.005>

Ifinedo, Princely, ‘Understanding Information Systems Security Policy Compliance: An Integration of the Theory of Planned Behavior and the Protection Motivation Theory’, Computers & Security, 31.1 (2012), 83–95 <https://doi.org/10.1016/j.cose.2011.10.007>

Johnston and Warkentin, ‘Fear Appeals and Information Security Behaviors: An Empirical Study’, MIS Quarterly, 34.3 (2010) <https://doi.org/10.2307/25750691>

Leeuw, Karl de, and J. A. Bergstra, The History of Information Security: A Comprehensive Handbook (Amsterdam: Elsevier, 2007)

———, The History of Information Security: A Comprehensive Handbook (Amsterdam: Elsevier, 2007) <http://ezproxy01.rhul.ac.uk/login?url=http://www.dawsonera.com/depp/reader/protected/external/AbstractView/S9780080550589>

Magnusson, Johan, ‘Intentional Decentralization and Instinctive Centralization’, Information Resources Management Journal, 26.4 (2013), 1–17 <https://doi.org/10.4018/irmj.2013100101>

Mitnick, Kevin D., and William L. Simon, Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker (New York: Little, Brown, 2011)

Okenyi, Peter O., and Thomas J. Owens, ‘On the Anatomy of Human Hacking’, Information Systems Security, 16.6 (2007), 302–14 <https://doi.org/10.1080/10658980701747237>

Öqvist, Karen Lawrence, Hands-On Guide to GDPR Compliance: Privacy by Design, Privacy by Default (Portsmouth, NH: International Association for Privacy Professionals, 2018)

———, Hands-On Guide to GDPR Compliance: Privacy by Design, Privacy by Default (Portsmouth, NH: International Association for Privacy Professionals, 2018)

Pfleeger, Shari Lawrence, M. Angela Sasse, and Adrian Furnham, ‘From Weakest Link to Security Hero: Transforming Staff Security Behavior’, Journal of Homeland Security and Emergency Management, 11.4 (2014) <https://doi.org/10.1515/jhsem-2014-0035>

Safa, Nader Sohrabi, ‘Human Aspects of Information Security in Organisations’, Computer Fraud & Security, 2016.2 (2016), 15–18 <https://doi.org/10.1016/S1361-3723(16)30017-3>

Sharman, Raj, and Manish Gupta, Social and Human Elements of Information Security: Emerging Trends and Countermeasures (Hershey, Pa: Information Science Reference, 2008)

Smith, Graham M., ‘Into Cerberus’ Lair: Bringing the Idea of Security to Light’, The British Journal of Politics and International Relations, 7.4 (2005), 485–507 <https://doi.org/10.1111/j.1467-856x.2005.00204.x>

Warren, Samuel D., and Louis D. Brandeis, ‘The Right to Privacy’, Harvard Law Review, 4.5 (1890) <https://doi.org/10.2307/1321160>

Wilson, Mark, and Joan Hash, ‘Building an Information Technology Security Awareness and Training Program’ <https://ws680.nist.gov/publication/get_pdf.cfm?pub_id=151287>

Wright, David, and Paul de Hert, eds., Privacy Impact Assessment (Dordrecht: Springer, 2012), volume 6