RISCS Project Catalogue

The RISCS Project Catalogue is a key publication intended to be a succinct summary of all completed and ongoing projects. It is developed and maintained by the RISCS Policy Adviser, and as such it is tailored for a policy audience. Nonetheless, the content will be of relevance to industry, academic, and general-interest readers.

You can download the most recent version of the Catalogue here.

UK Cyber Security Policy Making Interactive Map

This interactive map attempts to represent how cyber security is organised within the UK Government. It consists approximately 2400 nodes representing data points, along with 2000 active links out to websites.

You can find out more and access the map here.

RISCS Annual Report

The Annual Report covers RISCS activity over the last year, highlighting some of the exciting developments across our themes in sociotechnical cybersecurity research. This work has been driven by our seven Fellows, who have worked hard to set out research agendas and expand the communities in their respective fields.

You can download the most recent version of the Annual Report here.

All Publications

A Decision Making Model of Behavior in Information Security

Iryna Yevseyeva, Charles Morisset, Thomas Groß, Aad van Moorsel Abstract Information security decisions typically involve a trade-off between security and productivity. In practical settings, it is often the human user who is best positioned to make this trade-off...

A Formal Model for Soft Enforcement: Influencing the Decision-Maker

Charles Morisset, Iryna Yevseyeva, Thomas Groß, Aad van Moorsel Abstract We propose in this paper a formal model for soft enforcement, where a decision-maker is influenced towards a decision, rather than forced to select that decision. This novel type of enforcement...

A Tactile Visual Library To Support User Experience Storytelling

Makayla Lewis and Lizzie Coles-Kemp Abstract This paper presents an adult visual narrative stimulus (tactile visual library) that supports the reduction of physical distance between the user-centred design practitioner (maker of the visual narrative artefact) and the...

A Year is a Short Time in Cyber-Space

Date: June 2014Published: Industry & Parliament Trust Report: Cyber Security 2.0: Reflections on UK/EU Cyber-Security Co-OperationPublisher: Industry and Parliament TrustPublisher URL: http://www.ipt.org.ukFull Text:...

Adding Insult to Injury

Jennett, Charlene; Brostoff, Sacha; Malheiros, Miguel; Sasse, M. Angela Abstract: To inspire confidence in consumer credit and improve outcomes for consumers, negative experiences such as being denied credit must be handled appropriately. We conducted an online survey...

Addressing Consumerisation of IT Risks with Nudging

Iryna Yevseyeva, James Turland, Charles Morisset, Lynne Coventry, Thomas Gross, Christopher Laing, Aad van Moorsel Abstract In this work we address the main issues of Information Technology (IT) consumerization that are related to security risks, and vulnerabilities...

An Anatomy of Security Conversations in Stack Overflow

Abstract As software-intensive digital systems become an integral part of modern life, ensuring that these systems are developed to satisfy security and privacy requirements is an increasingly important societal concern. This paper examines how secure coding practice...

Barriers to Usable Security? Three Organizational Case Studies

Deanna D. Caputo, Shari Lawrence Pfleeger and M. Angela Sasse Abstract Usable security assumes that when security functions are more usable, people are more likely to use them, leading to an improvement in overall security. Existing software design and engineering...

Captchat: A Messaging Tool to Frustrate Ubiquitous Surveillance

Paul Dunphy, Johannes Schöning, James Nicholson, Patrick Olivier Abstract There is currently a widespread uncertainty regarding the ability of citizens to control privacy online in the face of ubiquitous surveillance. This is a huge and complex societal problem....

Comparing Decision Support Approaches for Cyber Security Investment

Andrew Fielder, Emmanouil Panaousis, Pasquale Malacaria, Chris Hankin, Fabrizio Smeraldi Abstract When investing in cyber security resources, information security managers have to follow effective decision-making strategies. We refer to this as the cyber security...