Featured Publications
All Publications
Remote Working and Cyber Security – Literature Review
While various research strands have started exploring the impact of remote working on employees’ mental health and productivity, there is little insight on how approaches to cyber risk and resilience have been impacted through the shift. Our research objectives focus...
Emerging Insights: Cyber Security Incentives and the Role of Cyber Insurance
Flo Greatrix, RISCS Policy Impact Officer. A new report by James Sullivan (RUSI) and Jason Nurse (University of Kent) has been recently published as part of their RISCS Funded project: ‘Incentivising cybersecurity through cyber insurance’. It considers the...
New RISCS Policy briefing: a framework to assess evidence quality in cyber security policy making
We are thrilled to share our new policy briefing based on the “Evaluating Cyber Security Evidence for Policy Advice” (ECSEPA) project led by Professor Madeline Carr (UCL) and Professor Siraj Shaikh (Coventry University). Civil servants across the UK Government are...
Cyber Insurance and Risk Management: Challenges and Opportunities
UCL gates in March 2020 A new playground for underwriters? Corporate boards the world over are scrambling to address the unique challenges of the COVID-19 global pandemic – particularly the impact of social distancing. In addition to the obvious problems this causes...
Talking about Security with Professional Developers
Tamara Lopez, Helen Sharp, Thein Tun, Arosha Bandara (School of Computing & Communications, The Open University) and Mark Levine (Department of Psychology, University of Exeter) and Bashar Nuseibeh (Lero – The Irish Software Research Centre, University of Limerick).
RISCS Annual Report 2016
The RISCS Annual Report 2016 was released at the UK Cyber Security Research Institutes Conference in October 2016, and is available to download.
RISCS Annual Report 2017
The RISCS Annual Report 2017 was released at the UK Cyber Security Research Institutes Conference in October 2017, and is available to download here (opens PDF).
RISCS Annual Report 2018
The 2018 RISCS Annual Report was released at the UK Cyber Security Research Institutes Conference in October 2018, and is available to download here (opens PDF).
RISCS Annual Report 2019
We are delighted to present the 2019 RISCS Annual Report. The Report brings you progress updates on the RISCS projects, informs you of recent changes at RISCS and shares our plans for 2020. Download the report here.
“I don’t like putting my face on the Internet!”: An acceptance study of face biometrics as a CAPTCHA replacement
Kat Krol, Simon Parkin and M. Angela Sasse. Abstract: Biometric technologies have the potential to reduce the effort involved in securing personal activities online, such as purchasing goods and services. Verifying that a user session on a website is attributable to a...
“Comply or Die” is Dead: Long Live Security-Aware Principal Agents
Iacovos Kirlappos, Adam Beautement and M. Angela Sasse. Abstract: Information security has adapted to the modern collaborative organisational nature, and abandoned "command-and-control" approaches of the past. But when it comes to managing employee's information...
A Bayesian Approach to Portfolios Selection in Multicriteria Group Decision Making
Michael T.M. Emmerich, André H. Deutz and Iryna Yevseyeva. Abstract: In the a-posteriori approach to multicriteria decision making the idea is to first find a set of interesting (usually non-dominated) decision alternatives and then let the decision maker select among...
A Decision Making Model of Behavior in Information Security
Iryna Yevseyeva, Charles Morisset, Thomas Groß, Aad van Moorsel. Abstract: Information security decisions typically involve a trade-off between security and productivity. In practical settings, it is often the human user who is best positioned to make this trade-off...
A Formal Model for Soft Enforcement: Influencing the Decision-Maker
Charles Morisset, Iryna Yevseyeva, Thomas Groß, Aad van Moorsel. Abstract: We propose in this paper a formal model for soft enforcement, where a decision-maker is influenced towards a decision, rather than forced to select that decision. This novel type of enforcement...
A Tactile Visual Library To Support User Experience Storytelling
Makayla Lewis and Lizzie Coles-Kemp. Abstract: This paper presents an adult visual narrative stimulus (tactile visual library) that supports the reduction of physical distance between the user-centred design practitioner (maker of the visual narrative artefact) and the...
A Year is a Short Time in Cyber-Space
Date: June 2014; Published: Industry & Parliament Trust Report: Cyber Security 2.0: Reflections on UK/EU Cyber-Security Co-Operation; Publisher: Industry and Parliament Trust; Publisher URL: http://www.ipt.org.uk; Full Text:...
Adding Insult to Injury
Jennett, Charlene; Brostoff, Sacha; Malheiros, Miguel; Sasse, M. Angela Abstract: To inspire confidence in consumer credit and improve outcomes for consumers, negative experiences such as being denied credit must be handled appropriately. We conducted an online survey...
Addressing Consumerisation of IT Risks with Nudging
Iryna Yevseyeva, James Turland, Charles Morisset, Lynne Coventry, Thomas Gross, Christopher Laing, Aad van Moorsel. Abstract: In this work we address the main issues of Information Technology (IT) consumerization that are related to security risks, and vulnerabilities...
An Anatomy of Security Conversations in Stack Overflow
Abstract: As software-intensive digital systems become an integral part of modern life, ensuring that these systems are developed to satisfy security and privacy requirements is an increasingly important societal concern. This paper examines how secure coding practice...
An Exploratory Study of User Perceptions of Payment Methods in the UK and the US
Kat Krol, Muhammad Sajidur Rahman, Simon Parkin, Emiliano De Cristofaro and Eugene Y. Vasserman. Abstract: This paper presents the design and the results of a cross-cultural study of user perceptions and attitudes toward electronic payment methods. We conduct a series...