Slides from the 'people are the strongest link' session at CyberUK 2017, given by Prof. Joinson. Discusses six principles of behaviour change to apply to cybersecurity.
5. The ‘who and what?’ of security behaviour
“…the styles, approaches and values that the organisation wishes to adopt towards security. It can range from whether employees adhere to a clear desk policy to whether they share sensitive information on social networking sites.”
http://www.cpni.gov.uk/Documents/Publications/2016/03.08.2016%20SeCuRE%20Tool.pdf
6. COM-B system for analysing behaviour in context (Michie et al., 2011)
14. Common terms for methods for inducing behaviour change
Educate
Train
Help
Expose to
Inform
Discuss
Suggest
Encourage
Incentivise
Ask
Order
Plead
Coerce
Force
Provide
Prompt
Constrain
Michie et al., 2011
15. Common terms for methods for inducing behaviour change
Capability: Educate, Train, Help
Motivation: Expose to, Inform, Discuss, Suggest, Encourage, Incentivise, Ask, Order, Plead, Coerce, Force
Opportunity: Provide, Prompt, Constrain
Michie et al., 2011
16. Self-monitoring in cycling
Piwek, L., Joinson, A., & Morvan, J. (2015). The use of self-monitoring solutions amongst cyclists: An online survey and empirical study. Transportation Research Part A: Policy and Practice, 77, 126-136.
Is self-monitoring mainly relevant for performance-oriented cyclists?
19. [Figure: total number of days cycled to campus in 5 weeks and total distance cycled across 5 weeks (km). Groups: non-trackers; trackers, high engagement with self-monitoring; trackers, low engagement with self-monitoring]
23. Click rates vary hugely
Average ~ 15% in largest data set (63,000)
Authority, Urgency, Curiosity worked best
Few demographic differences, subsets of vulnerable users.