Cyber Ways Podcast

In this thought-provoking episode of Cyber Ways, Tom and Craig discuss the intriguing topic of cybersecurity and religion with guests Dr. Karen Renaud and Dr. Marc Dupuis. Karen and Marc share insights from their research exploring the intersection of cybersecurity and world religions, offering a fresh perspective on enhancing cybersecurity practices.Key Points Covered:- The innovative research by Karen and Marc on leveraging positive values from world religions to influence cybersecurity behavior.- The discussion on the drawbacks of fear-based cybersecurity practices and the importance of fostering a positive culture within organizations.- Insights into the role of community, belonging, and sacred values in both religious communities and cybersecurity environments.- The parallels drawn between religious principles and cybersecurity practices, emphasizing adaptability, forgiveness, and the sense of belonging.- The significance of incorporating nonnegotiable values and building a culture that supports cybersecurity from top to bottom within organizations.As Karen and Marc shed light on the impact of incorporating religious values into cybersecurity, they advocate for a different perspective on how a sense of community, forgiveness, and grace can transform cybersecurity practices. Join Tom, Craig, Karen, and Marc as they explore the potential for positive change in cybersecurity culture by drawing upon timeless principles from world religions.Don't miss out on this enlightening episode of Cyber Ways and discover the transformative power of integrating religious values into cybersecurity practices. Tune in to gain a new perspective on building trust, community, and resilience in the ever-evolving landscape of cybersecurity.Subscribe now to Cyber Ways for more insightful discussions on innovative approaches to information security and stay ahead in the realm of cybersecurity. Go to https://cyber-ways-podcast.captivate.fm to subscribe.Guest biosKaren Renaud is a Scottish computing Scientist at the University of Strathclyde in Glasgow, working on all aspects of Human-Centered Security and Privacy. She is particularly interested in deploying behavioural science techniques to improve security behaviours, and in encouraging end-user privacy-preserving behaviours. She collaborates with academics in 5 continents and incorporates findings and techniques from multiple disciplines in her research. Marc J. Dupuis, Ph.D., is an Associate Professor within the Computing and Software Systems Division at the University of Washington Bothell where he also serves as the Graduate Program Coordinator. Dr. Dupuis earned a Ph.D. in Information Science at the University of Washington with an emphasis on cybersecurity. His research focuses on human factors related to cybersecurity, especially how psychological traits affect cybersecurity behaviors.

Discover the forces shaping your financial data's safety as we sit down with the eminent Jake Lee Jaeung, the Clifford Ray King Endowed Professor of Information Systems. In a landscape where cybercriminals lurk at every digital corner, we dissect how a blend of routine activity theory and practical cybersecurity can alter the terrain to our advantage. Together, we plunge into Jake's rigorous study with 461 financial institution employees and unravel the factors that skew risk perception and the likelihood of data breaches.With Jake's expertise, we peel back the layers of data security, challenging the conventional wisdom that greater transparency equals higher risk. This episode illuminates how the value of information, the effectiveness of guardians, and the strategic reduction of data availability can form a robust shield against unauthorized access. We also navigate the nuanced chess game of social engineering defenses, providing valuable insights and tangible actions that can be applied across industries to shield your organization's most precious assets from the prying eyes of the digital underworld.Intro audio for the Cyber Ways Podcast Outro audio for Cyber Ways PodcastCyber Ways is brought to you by the Center for Information Assurance, which is housed in the College of Business at Louisiana Tech University. The podcast is made possible through a "Just Business Grant," which is funded by the University's generous donors.https://business.latech.edu/cyberways/

Are you ready to shift your perspective on cybersecurity? We've got Dr. Karen Renaud, the general chair of Dewald Roode Workshop (DRW) this year and a renowned figure in information security research, to guide us on this fascinating journey. We'll be dissecting the paradigm-shifting presentations, lively debates and thought-provoking discussions from the workshop, with a special focus on Basie von Solms' revolutionary thoughts on the future of cybersecurity.Looking to understand why people often disregard security procedures? Or how personality traits can impact the security decisions we make? Our discussion reveals that cautiousness, morality, and self-consciousness can positively affect security decisions, but increasing security knowledge doesn't always correlate with safer decisions. As we navigate through the papers, we'll also investigate how AI-enhanced security systems could alleviate user stress and transform the way we approach security training.We also tackle an under-discussed issue in the cybersecurity sphere: the misuse of system access and the potential for computer abuse by managers. With their unique position of trust and autonomy, could managers be the new insider threat to watch out for? We'll also delve into the role of habits in cyber hygiene, the promises and perils of AI in the field, and how these insights can be applied in the workplace. Join us for this enlightening discussion -- it's an episode you won't want to miss!DRW Website: https://drw2023.github.io/(All papers and the Key Note slides are available on the website.)Papers discussed:4Personality Facets and Behavior: Security Decisions under Competing Priorities,  Sanjay Goel, Jingyi Huang, Alan Dennis, Kevin WilliamsAn Examination of How Security-Related Stress, Burnout, and Accountability Design Features Affect Security Operations Decisions,  Mary Grace Kozuch, Adam Hooker, Philip Menard, Tien N Nguyen, Raymond ChooBosses Behaving Badly: Managers Committing Computer Abuse, Laura AmoEncouraging Peer Reporting of Information Security Wrongdoings: A Normative Ethics Perspective, Reza Mousavi, Adel Yazdanmehr, Jingguo Wang, Fereshteh GhahramaniImpact of Cyber Hygiene Behavior on Target Suitability using Dual Systems Embedded Dual Attitudes Model, Harsh Parekh, Andrew SchwarzThe Blend of Human Cognition and AI Automation: What Will ChatGPT Do to the Cybersecurity Landscape?, Hwee-Joo Kam, Chen Zhong, Hong Liu, Allen JohnstonIntro audio for the Cyber Ways Podcast Outro audio for Cyber Ways PodcastCyber Ways is brought to you by the Center for Information Assurance, which is housed in the College of Business at Louisiana Tech University. The podcast is made possible through a "Just Business Grant," which is funded by the University's generous donors.https://business.latech.edu/cyberways/

Ever thought about the digital footprints you leave while surfing the web? What about those convenient log-ins via multiple accounts - ever wondered about the risks involved? This week, we're thrilled to talk with Professors France Belanger and Donna Wertalik of Virginia Tech University's Pamplin College of Business to help us unravel these intriguing questions. They're here to discuss their groundbreaking initiative, Voices of Privacy (https://www.voicesofprivacy.com/), aimed at raising awareness about the significance of online privacy and empowering individuals to make informed decisions about their data.Navigating the digital world can be a complex affair, with pitfalls and challenges at every turn. In our conversation with Prof. Belanger and Prof. Wertalik, we dissect the crucial distinction between security and privacy, highlighting the understated importance of data protection. We also touch upon the increasingly blurred lines between convenience and privacy, scrutinizing the risks of logging into websites and apps with multiple accounts. Besides, we evaluate the role of big corporations in safeguarding consumer data and the dire need for raising awareness about this issue.As we dig deeper into this compelling conversation, we explore the Voices of Privacy initiative further. We discuss their treasure trove of resources, including engaging webisodes and insightful talks with privacy experts. We also evaluate the upcoming webisodes on children's privacy and privacy during vacation - essential, thought-provoking content that everyone should check out. So, brace yourself for an enlightening exploration of online privacy and how you can better protect your data.Voices of Privacy website: https://www.voicesofprivacy.com/Intro audio for the Cyber Ways Podcast Outro audio for Cyber Ways PodcastCyber Ways is brought to you by the Center for Information Assurance, which is housed in the College of Business at Louisiana Tech University. The podcast is made possible through a "Just Business Grant," which is funded by the University's generous donors.https://business.latech.edu/cyberways/

ChatGPT burst into public awareness only a few months ago. The popularity of ChatGPT and similar generative AI tools offer great promise, but also represent significant threats to cybersecurity. In this episode of Cyber Ways, Tom and Craig have a fascinating discussion with Dr. Karen Renaud of the University of Strathclyde and Dr. Merrill Warkentin of Mississippi State University about their recent article in MIT Sloan Management Review, which they co-authored with George Westerman of MIT's Sloan School of Management.Drs. Renaud and Warkentin talk about the effects of generative AI on cybersecurity and how these tools represent a threat, but can also be part of the solution. We talk about the importance of going beyond policies and describe new ways of thinking about cybersecurity. Renaud, K., Warkentin, M., & Westerman, G. (2023). From ChatGPT to HackGPT: meeting the cybersecurity threat of generative AI. https://pureportal.strath.ac.uk/en/publications/from-chatgpt-to-hackgpt-meeting-the-cybersecurity-threat-of-gener Intro audio for the Cyber Ways Podcast Outro audio for Cyber Ways PodcastCyber Ways is brought to you by the Center for Information Assurance, which is housed in the College of Business at Louisiana Tech University. The podcast is made possible through a "Just Business Grant," which is funded by the University's generous donors.https://business.latech.edu/cyberways/

Phishing attempts remain an important attack vector, despite efforts to mitigate their effectiveness. In this episode of Cyber Ways, Tom and Craig talk with Dr. Deanna House of the University of Nebraska - Omaha about her paper that examines the relationship between fear messaging and the success of phishing attempts. Dr. House gives some actionable advice to security professionals who want to help their users avoid falling victim to phishing attempts.Intro audio for the Cyber Ways Podcast Outro audio for Cyber Ways PodcastCyber Ways is brought to you by the Center for Information Assurance, which is housed in the College of Business at Louisiana Tech University. The podcast is made possible through a "Just Business Grant," which is funded by the University's generous donors.https://business.latech.edu/cyberways/

Security professionals often treat users as a major problem with securing information assets. But what if we could view humans as the SOLUTIONS?  Users aren't the enemy of security professionals and they shouldn't be treated as such. Our guest, Dr. Karen Renaud of Strathclyde University in Glasgow, Scotland, joins us to talk about the importance of treating users as allies, not the enemy, building a culture of security that focuses on successes, encourages learning, and builds resilience.Many of her ideas are captured in her 2019 paper:Zimmermann, V., & Renaud, K. (2019). Moving from a ‘human-as-problem” to a ‘human-as-solution” cybersecurity mindset. International Journal of Human-Computer Studies, 131, 169-187.Intro audio for the Cyber Ways Podcast Outro audio for Cyber Ways PodcastCyber Ways is brought to you by the Center for Information Assurance, which is housed in the College of Business at Louisiana Tech University. The podcast is made possible through a "Just Business Grant," which is funded by the University's generous donors.https://business.latech.edu/cyberways/

Security is everyone's job. This is a common feeling among cyber security professionals, but users may feel differently. In this episode of Cyber Ways, Tom and Craig talk about why this may be so, and what security professionals can do about it.Citation: Van Slyke, C., & Belanger, F. (2020). Explaining the interactions of humans and artifacts in insider security behaviors: The mangle of practice perspective. Computers & Security, 99, 102064.For a copy of the paper, email vanslyke@latech.edu.Intro audio for the Cyber Ways Podcast Outro audio for Cyber Ways PodcastCyber Ways is brought to you by the Center for Information Assurance, which is housed in the College of Business at Louisiana Tech University. The podcast is made possible through a "Just Business Grant," which is funded by the University's generous donors.https://business.latech.edu/cyberways/

Sometimes, as cybersecurity professionals, it's easy to forget what an attack is like for a user. In this episode, Tom interviews his Mother about a recent attack. Mom tells an interesting cautionary tale of falling for a convincing phishing attack. Tom and I offer thoughts on how security professionals can help users avoid such exploits.Cyber Ways is brought to you by the Center for Information Assurance, which is housed in the College of Business at Louisiana Tech University. The podcast is made possible through a "Just Business Grant," which is funded by the University's generous donors.Intro audio for the Cyber Ways Podcast Outro audio for Cyber Ways PodcastCyber Ways is brought to you by the Center for Information Assurance, which is housed in the College of Business at Louisiana Tech University. The podcast is made possible through a "Just Business Grant," which is funded by the University's generous donors.https://business.latech.edu/cyberways/

In this episode of Cyber Ways, Dr. Jeffrey Proudfoot of Bentley University joins Tom and Craig to discuss his research on how cybersecurity regulations affect cybersecurity maturity. Dr. Proudfoot is collaborating with Dr. Stuart Madnick of MIT's Sloan School of Business on this program of research. Dr. Proudfoot is an associate professor on information and process management in Bentley's business school and is also a research affiliate at MIT's "Cybersecurity at MIT Sloan" research group. He holds a Ph.D. in management information systems from the University of Arizona. Dr. Proudfoot's research focuses on various aspects of cybersecurity. He has published over 40 scholarly works, including articles in some of our top journals, including MIS Quarterly, Journal of the Association for Information Systems, and Journal of Management Information Systems. He has also received over $1 million in research funding from agencies such as the National Science Foundation.Citation: Proudfoot, J. and Madnick, S. (2022). Regulatory facilitators and impediments impacting cybersecurity maturity, Proceedings of the Twenty-Eighth Americas Conference on Information Systems, Minneapolis.Cyber Ways is brought to you by the Center for Information Assurance, which is housed in the College of Business at Louisiana Tech University. The podcast is made possible through a "Just Business Grant," which is funded by the University's generous donors.Intro audio for the Cyber Ways Podcast Outro audio for Cyber Ways PodcastCyber Ways is brought to you by the Center for Information Assurance, which is housed in the College of Business at Louisiana Tech University. The podcast is made possible through a "Just Business Grant," which is funded by the University's generous donors.https://business.latech.edu/cyberways/

Human trafficking is a huge, growing global problem. Sex trafficking is the most pervasive form of human trafficking. In this episode, we discuss how the Deliver Fund uses information technology to help law enforcement track the traffickers through their P.A.T.H. system. Drs. Giddens and Petter also discuss their research into factors that affect law enforcement officers' use of P.A.T.H.Dr. Laurie Giddens is an assistant professor in the department of Technology and Decision Sciences at North Texas University.Dr. Stacie Petter is a professor in the School of Business at Wake Forest University.Giddens, L., Petter, S., & Fullilove, M. H. (2021). Information technology as a resource to counter domestic sex trafficking in the United States. Information Systems Journal.Cyber Ways is brought to you by the Center for Information Assurance, which is housed in the College of Business at Louisiana Tech University. The podcast is made possible through a "Just Business Grant," which is funded by the University's generous donors.Intro audio for the Cyber Ways Podcast Outro audio for Cyber Ways PodcastCyber Ways is brought to you by the Center for Information Assurance, which is housed in the College of Business at Louisiana Tech University. The podcast is made possible through a "Just Business Grant," which is funded by the University's generous donors.https://business.latech.edu/cyberways/

Protecting organizational information systems and information assets is a complex undertaking for both security professionals and end-users. In this episode of Cyber Ways, we discuss behavioral complexity as it relates to end-users' security behaviors with Dr. Clay Posey of Brigham Young University and Dr. Tom Roberts of the University of Texas at Tyler. We talk with Drs. Posey and Roberts about their 2017 paper, Insiders' Adaptations to Security-Based Demands in the Workplace: An Examination of Security Behavioral Control, which was published in Information Systems Frontiers.Security Roles:Account protectionReporting of suspicious behaviorPolicy-driven awareness and actionVerbal and electronic sensitive-information protectionLegitimate email handlingProtection against unauthorized exposureDistinctive security etiquetteSecure software, email, and Internet useAppropriate data entry and managementWireless installationWidely applicable security etiquetteCo-worker relianceDocument conversionEquipment location and storageBurns, A. J., Posey, C., & Roberts, T. L. (2021). Insiders' adaptations to security-based demands in the workplace: An examination of security behavioral complexity. Information Systems Frontiers, 23(2), 343-Intro audio for the Cyber Ways Podcast Outro audio for Cyber Ways PodcastCyber Ways is brought to you by the Center for Information Assurance, which is housed in the College of Business at Louisiana Tech University. The podcast is made possible through a "Just Business Grant," which is funded by the University's generous donors.https://business.latech.edu/cyberways/

Organizational insiders represent the biggest threat to information security. Because of this, controlling insider computer abuse remains an important cyber security priority. In this episode of Cyber Ways, Dr, A.J Burns of Louisiana State University, and Dr. Bryan Fuller of Louisiana Tech University discuss their research into the tensions between insider's motivations to commit computer abuse, and organization's attempts to control such behavior.Intro audio for the Cyber Ways Podcast Outro audio for Cyber Ways PodcastCyber Ways is brought to you by the Center for Information Assurance, which is housed in the College of Business at Louisiana Tech University. The podcast is made possible through a "Just Business Grant," which is funded by the University's generous donors.https://business.latech.edu/cyberways/

The COVID-19 pandemic forced many people, and organizations, into telework, which led to the question of how to properly monitor teleworkers. In this episode of Cyber Ways, we talk with Grant Clary about his research into teleworker surveillance and how different modes of surveillance affect teleworker well-being.Intro audio for the Cyber Ways Podcast Outro audio for Cyber Ways PodcastCyber Ways is brought to you by the Center for Information Assurance, which is housed in the College of Business at Louisiana Tech University. The podcast is made possible through a "Just Business Grant," which is funded by the University's generous donors.https://business.latech.edu/cyberways/

When it comes to security controls and communications, more may be less. More complex security requirements, increased security communication, and complex security policies may actually lead to less secure end-user behaviors. Why? Security fatigue -- users simply feel worn out by having to deal with information security. In this episode of Cyber Ways, Dr. John D'Arcy of the University of Delaware joins us to discuss his research (conducted with Alec Cram of the University of Waterloo, and Jeffrey Proudfoot of Bentley University) on the causes, symptoms, and consequences of security fatigue.Citation: Cram, W. A., Proudfoot, J. G., & D'Arcy, J. (2021). When enough is enough: Investigating the antecedents and consequences of information security fatigue. Information Systems Journal, 31(4), 521-549.Intro audio for the Cyber Ways Podcast Outro audio for Cyber Ways PodcastCyber Ways is brought to you by the Center for Information Assurance, which is housed in the College of Business at Louisiana Tech University. The podcast is made possible through a "Just Business Grant," which is funded by the University's generous donors.https://business.latech.edu/cyberways/

In this episode of Cyber Ways, Tom and Craig discuss a classic behavioral security paper that explores how users rationalize their purposeful violations of security policy. Listen and learn the six common rationalizations and what security managers can do to reduce their effects.Citation:Siponen, M., & Vance, A. (2010). Neutralization: new insights into the problem of employee information systems security policy violations,  MIS Quarterly, 34(3), 487-502.Intro audio for the Cyber Ways Podcast Outro audio for Cyber Ways PodcastCyber Ways is brought to you by the Center for Information Assurance, which is housed in the College of Business at Louisiana Tech University. The podcast is made possible through a "Just Business Grant," which is funded by the University's generous donors.https://business.latech.edu/cyberways/

Every day we are bombarded with security warnings that all look more-or-less the same. Over time, we tend to tune out these warnings through a process called habituation. In this episode of Cyber Ways, we discuss this problem and how to address it with Dr. Anthony (Tony) Vance of Virginia Tech. Dr. Vance and his colleagues have conducted fascinating research using sophisticated technologies including functional magnetic resonance imaging (fMRI) and eye tracking to gain an understanding of the extent of the habituation to warnings problem. They also demonstrate how changing the look of warnings can reduce habituation. Their research shows strong results, and has clear implications for security professionals.Citation: Vance, A., Jenkins, J. L., Anderson, B. B., Bjornn, D. K., & Kirwan, C. B. (2018). Tuning out security warnings: A longitudinal examination of habituation through fMRI, eye tracking, and field experiments. MIS Quarterly, 42(2), 355-380.Cyber Ways is a production of the Louisiana Tech University's Center for Information Assurance, which is housed in of the College of Business, Department of Computer Information Systems. Cyber Ways is funded by the College's Just Business grant program.For more information contact Craig Van Slyke (vanslyke@latech.edu).Intro audio for the Cyber Ways Podcast Outro audio for Cyber Ways PodcastCyber Ways is brought to you by the Center for Information Assurance, which is housed in the College of Business at Louisiana Tech University. The podcast is made possible through a "Just Business Grant," which is funded by the University's generous donors.https://business.latech.edu/cyberways/

We humans, like all animals, are wired to respond to fear.  When a wildebeest senses a lion's presence, they go on alert and flee. Humans react similarly -- fear brings reaction. In this episode of Cyber Ways, we talk with Dr. Dennis Galletta from the Katz School of Business at the University of Pittsburg about his research into how to leverage users' fear to bring about protective behaviors, such as using antimalware software or backing up data. Boss, S. R., Galletta, D. F., Lowry, P. B., Moody, G. D., & Polak, P. (2015). What do systems users have to fear? Using fear appeals to engender threats and fear that motivate protective security behaviors. MIS Quarterly, 39(4), 837-864.Intro audio for the Cyber Ways Podcast Outro audio for Cyber Ways PodcastCyber Ways is brought to you by the Center for Information Assurance, which is housed in the College of Business at Louisiana Tech University. The podcast is made possible through a "Just Business Grant," which is funded by the University's generous donors.https://business.latech.edu/cyberways/

Many studies of cyber security behavior treat behaviors as the result of conscious thought. But, most behaviors are automatic and occur without any conscious deliberation of the benefits and risks of the behavior. Psychologists call this automatic thinking System 1 cognition as opposed to the more deliberative System 2 cognition. Unfortunately, System 1 thinking has rarely been studied in the context of security behaviors. In this episode of Cyber Ways, we talk with Dr. Alan Dennis about his groundbreaking research on the role of automatic thinking in cyber security. Dr. Dennis is Professor of Information Systems and John T. Chambers Chair of Internet Systems at Indiana University's Kelley School of Business. Dr. Dennis has written over 150 journal articles, with many of those published in top journals. He is Past President of the Association for Information Systems and also served as Vice President for Conferences. His many contributions to the field of information systems were recognized in 2012 when he was named a Fellow of the Association for Information Systems. In addition to his research and teaching, Dr. Dennis has been involved in several technology startups, including his current venture, Wisdom Springboard, which develops educational video games to help students learn analytics and cybersecurity.Dennis, A. R., & Minas, R. K. (2018). Security on autopilot: Why current security theories hijack our thinking and lead us astray. ACM SIGMIS Database: The DATABASE for Advances in Information Systems, 49(SI), 15-38.Email vanslyke@latech.edu for a copy of the paper.Intro audio for the Cyber Ways Podcast Outro audio for Cyber Ways PodcastCyber Ways is brought to you by the Center for Information Assurance, which is housed in the College of Business at Louisiana Tech University. The podcast is made possible through a "Just Business Grant," which is funded by the University's generous donors.https://business.latech.edu/cyberways/

In this episode of Cyber Ways, Dr. Clay Posey of Brigham Young University, and Dr. Matthew Canham from the University of Central Florida join us to discuss their 2021 paper, “Phishing for Long Tails: Examining Organizational Repeat Clickers and Protective Stewards,” which was published in SAGE Open. The paper discusses an extensive research project that investigated user responses to phishing attempts. Their results indicate that the majority of phishing attempts clicks come from a minority of users. Also, some users not only never click on phishing attempts, but also tend to report the attempts. Clay and Matt discuss ways that security professionals can think differently about their users and security education, training, and awareness programs to make their organizations' systems more secure. You can access their paper here: https://journals.sagepub.com/doi/full/10.1177/2158244021990656Dr. Posey is an associate professor of information systems at Brigham Young University's Marriott School of Business. Prior to joining BYU, Dr. Posey was on the faculty of the University of Central Florida. He also served as a faculty member at the University of Alabama, where he was Associate Director of the Cyber Institute. He has published extensively in top journals, including MIS Quarterly, Journal of Management Information Systems, and Decision Sciences among many others. His research focuses primarily on behavioral aspects of information security and privacy. He is active in numerous professional organizations, including the IFIP Working Group 8.11/11.13 on Information Systems Security Research. We are proud to say that Dr. Posey is a graduate of Louisiana Tech's doctoral program.Dr. Canham is currently a research professor of cybersecurity at the University of Central Florida's Institute of Simulation and Training. His primary research focus is on defending against synthetic media or deepfake remote online social media attacks, human-AI hybrid defense teams, and preventing inference attacks. Prior to joining UCG. Dr. Canham was the program manager of the Emerging Technologies Program for the Operational Technology Division of the Department of Justice at Quantico, VA. He holds a doctorate in cognition, perception, and cognitive neuroscience from the University of California, Santa Barbara.Dr. Posey and Dr. Canham are founders of Beyond Layer 7, a consultancy that helps organizations better secure the human layer in organizational cybersecurity. See https://www.belay7.com/index.html for more details.Intro audio for the Cyber Ways Podcast Outro audio for Cyber Ways PodcastCyber Ways is brought to you by the Center for Information Assurance, which is housed in the College of Business at Louisiana Tech University. The podcast is made possible through a "Just Business Grant," which is funded by the University's generous donors.https://business.latech.edu/cyberways/

The Cyber Ways podcast is brought to you by the Center for Information Assurance, at Louisiana Tech University's College of Business. Cyber Ways is funded through a Just Business grant, made possible through the generosity of donors to the Louisiana Tech University College of Business. For more information contact Craig Van Slyke at vanslyke@latech.eduIntro audio for the Cyber Ways Podcast Outro audio for Cyber Ways PodcastCyber Ways is brought to you by the Center for Information Assurance, which is housed in the College of Business at Louisiana Tech University. The podcast is made possible through a "Just Business Grant," which is funded by the University's generous donors.https://business.latech.edu/cyberways/

In this episode of Cyber Ways, Craig interviews co-host Dr. Tom Stafford about his 2021 paper, Platform-Dependent Computer Security Complacency: The Unrecognized Insider Threat, which was published in the IEEE Transactions on Engineering Management.Dr. Stafford is the J.E. Barnes Eminent Scholar in Data Analytics at Louisiana Tech University. He holds doctorates in Marketing from the University of Georgia, and Management Information Systems from the University of Texas at Arlington. In addition to publishing dozens of articles in high-quality journals, he has served as Editor-in-Chief of the Decision Sciences Journal, and is currently co-Editor-in-Chief of The DATA BASE for Advances in Information Systems,  which is the oldest continuously-published journal in information systems. Dr. Stafford also co-chaired the 2018 Americas Conference on Information Systems, and the 2019 IFIP 8.11/11.13 Information Security Workshop. He is also co-chairing the 2025 International Conference in Information Systems. Tom's paper discusses how many problematic security behaviors are the result of complacency or ignorance, rather than explicit malicious behavior. He also describes the concept of cyber-complacency, which he defines as an unconcerned dependence on technological security protections.Abstract (direct copy from the paper)This article reports on a grounded theory investigation of subject response anomalies that were encountered in the course of a neurocognitive laboratory study of computer user cybersecurity behaviors. Subsequent qualitative data collection led to theoretical development in specification of three broad constructs of computer user security complacency. Theoretical insights indicate that states of security complacency can arise in the form of a naïve lack of concern about the likelihood of facing security threats (inherent complacency), from ill-advised dependence upon specific computing platforms and protective workplace technology implementations for protection (platform complacency), as well as the reliance on the guidance on advice from trusted social others in personal and workplace networks (social complacency). Elements of an emergent theory of cybersecurity complacency arising from our interpretive insights are discussed.Link to the paper: https://ieeexplore.ieee.org/document/9373614The Cyber Ways podcast is brought to you by the Center for Information Assurance, at Louisiana Tech University's College of Business. Cyber Ways is funded through a Just Business grant, made possible through the generosity of donors to the Louisiana Tech University College of Business.Intro audio for the Cyber Ways Podcast Outro audio for Cyber Ways PodcastCyber Ways is brought to you by the Center for Information Assurance, which is housed in the College of Business at Louisiana Tech University. The podcast is made possible through a "Just Business Grant," which is funded by the University's generous donors.https://business.latech.edu/cyberways/

Whether we know it or not, our behaviors, including those related to cybersecurity, are influenced by others. Sometimes this is obvious, such as when we read reviews before reserving a hotel room, but often the effects are more subtle. In this episode of Cyber Ways, Dr. Merrill Warkentin of Mississippi State University joins us to discuss his 2020 paper, "Can Secure Behaviors be Contagious? A Two-Stage Investigation of the Influence of Herd Behavior on Security Decisions, which was published in the Journal of the Association for Information Systems. Dr. Warkentin co-authored the paper with Dr. Ali Vedadi of Middle Tennessee State University. Vedadi, A., & Warkentin, M. (2020). Can secure behaviors be contagious? A two-stage investigation of the influence of herd behavior on security decisions. Journal of the Association for Information Systems, 21(2), 428-459. doi: 10.17705/1jais.00607.Intro audio for the Cyber Ways Podcast Outro audio for Cyber Ways PodcastCyber Ways is brought to you by the Center for Information Assurance, which is housed in the College of Business at Louisiana Tech University. The podcast is made possible through a "Just Business Grant," which is funded by the University's generous donors.https://business.latech.edu/cyberways/

The Cyber Ways Podcast brings academic cyber security research into the "real world." We interview top academic researchers to find how their research can be put into practice by cyber security professionals. Our focus is on behavioral aspects of cyber security. Occasionally, we touch on related topics, such as information privacy and surveillance.Each episode discusses one published, peer-reviewed article to reveal the practical implications of the research. Your hosts, Tom Stafford and Craig Van Slyke,  are both widely published information systems academics who keep one foot in the world of practice. The Cyber Ways Podcast is brought to you by the Center for  Information Assurance at the Louisiana Tech University's College of Business. The Cyber Ways podcast is funded through a Just Business grant, made possible through the generosity of donors to the Louisiana Tech University College of Business.Cyber Ways is brought to you by the Center for Information Assurance, which is housed in the College of Business at Louisiana Tech University. The podcast is made possible through a "Just Business Grant," which is funded by the University's generous donors.https://business.latech.edu/cyberways/