Information security awareness and behaviour: of trained and untrained home users in Sweden.

Hammarstrand, Johanna, Fu, Tommy

January 2015

Today we live in an information society that is constantly growing in terms of the amount of information that are processed, stored, and communicated. Information security is a field that is of concern for both the individual and the society as a whole, as both groups are exposed to information every day. A society like this will demand more emphasis on information security. Previous researchers that has addressed this problem argues that security awareness is the most significant factor in order to raise the general security level. They also mention education as a solution to increase the security awareness and thereby achieve a secure environment. The aim of this thesis is to examine the differences between trained and untrained home users in security awareness and behaviour. The research was conducted, using a quantitative method in form of a survey research with the distribution of self-completion questionnaires. The study has a total of 162 respondents that participated. The result was presented and analysed through the use of the software program, IBM SPSS. The results of the findings suggest that the awareness of the trained home users is higher than of those who are untrained home users. Additionally, the discussion suggests that the home users who have participated in awareness raising initiatives, such as education and training, does not necessarily apply more security measures in their home environment, than those who are regarded as untrained home users. Hence, this study suggests that the increase in awareness may not necessarily be the only factor that affects the user’s behaviour, since those who have not participated in awareness raising initiatives applies security measures, almost to the same extent to those who have. This thesis might be able to act as a foundation for future research within the field, considering that the research is a comparative study between trained and untrained home users of the variables security awareness and behaviour where the found results, does not fully agree with previous research. However, an increase in awareness is a good start, but may need to be paired with appropriate training from other parties, such as internet service providers (ISPs) and banks. Maybe the solution could be to develop and strive for a continuous information security culture of the Swedish society, which may result in a deeper learning and understanding of security issues and inspire home users to be engaged and proactive about their information security behaviour.

information security awareness

information security behaviour

trained home user

untrained home user

Computer and Information Sciences

Data- och informationsvetenskap

En undersökning i datasäkerhet för hemanvändare : Är det nödvändigt att använda brandvägg? / A study in computer security for home users : Is it necessary to use a firewall?

Johansson, Henrik

January 2006

The emphasize of this study is to evaluate security issues for home users having a personal computer connected to the Internet. It focus on the usage of advantages and disadvantages when using a firewall while connected to the Internet. The hypothesis is that it gives a better protection to install and use a firewall compared not to do so, due to security flaws in the operating system. The prediction was tested on a home user's personal computer. The testwork was divided into two major tests, each of them performed with, respectively without, a firewall. These major tests were divided into five smaller semi­ tests. The first semi­test without a firewall suffered from a virus or worm attack resulting in loss of data and log files. During the other tests no successful intrusion was detected. The conclusion of the study is that usage of a standard configured firewall provides a better protection for home users than not to use a firewall; and it's beneficial to update the operating system and other programs with security updates as soon as possible when they appear.

Security

firewall

vulnerability

home user

updates

Fristående kurs

Computer Sciences

Datavetenskap (datalogi)

Säkerhetsmedvetenhet hos hemanvändare / Security Awareness of Home Users

Lagerstrand, Philip

January 2015

IT utgör en stor del av majoriteten av folks vardagliga liv. Smartphones och surfplattor har om möjligt ytterligare ökat vår användning av tekniska enheter och prylar på en daglig basis. Arbetet tas med hem i en större grad med hjälp av laptops, VPN och molnmöjligheter. Mail kan tas emot i princip var och närsomhelst på dygnet. Men hur bra är säkerheten? På arbetsplatsen hanteras mycket av IT-säkerheten och ansvaret för den ofta av erfarna och dedikerade anställda, men hur ser det ut hemma där användaren själv har ansvaret för sin IT-säkerhet? I denna studie analyseras och identifieras risker och problem vid hantering av olika aktiviteter relaterade till IT-säkerhet i hemmet. Motivationsteorin TMT och en konceptuell modell av aktiviteter relaterade till IT-säkerhet användes för att ta fram frågorna till intervjuerna och för att analysera svaren. Information har samlats in genom intervjuer med personer i olika åldrar och med varierande erfarenhetsbakgrund. Risker har identifierats relaterat till brister i hemanvändares motivation att utföra aktiviteterna lösenordshantering och säkerhetskopiering samt bristande värderingar för aktiviteten utbildning.

IT security

IT

Security awareness

Information security

Home user

User

TMT

IT-säkerhet

IT

Säkerhetsmedvetenhet

Informationssäkerhet

Hemanvändare

Användare

TMT

Computer Sciences

Datavetenskap (datalogi)

Internet of Things and Cybersecurity in a Smart Home

Kiran Vokkarne (17367391)

10 November 2023

<p dir="ltr">With the ability to connect to networks and send and receive data, Internet of Things (IoT) devices involve associated security risks and threats, for a given environment. These threats are even more of a concern in a Smart Home network, where there is a lack of a dedicated security IT team, unlike a corporate environment. While efficient user interface(UI) and ease of use is at the front and center of IoT devices within Smart Home which enables its wider adoption, often security and privacy have been an afterthought and haven’t kept pace when needed. Therefore, a unsafe possibility exists where malicious actors could exploit vulnerable devices in a domestic home environment.</p><p dir="ltr">This thesis involves a detailed study of the cybersecurity for a Smart Home and also examines the various types of cyberthreats encountered, such as DDoS, Man-In-Middle, Ransomware, etc. that IoT devices face. Given, IoT devices are commonplace in most home automation scenarios, its crucially important to detect intrusions and unauthorized access. Privacy issues are also involved making this an even more pertinent topic. Towards this, various state of the art industry standard tools, such as Nmap, Nessus, Metasploit, etc. were used to gather data on a Smart Home environment to analyze their impacts to detect security vulnerabilities and risks to a Smart Home. Results from the research indicated various vulnerabilities, such as open ports, password vulnerabilities, SSL certificate anomalies and others that exist in many cases, and how precautions when taken in timely manner can help alleviate and bring down those risks.</p><p dir="ltr">Also, an IoT monitoring dashboard was developed based on open-source tools, which helps visualize threats and emphasize the importance of monitoring. The IoT dashboard showed how to raise alerts and alarms based on specific threat conditions or events. In addition, currently available cybersecurity regulations, standards, and guidelines were also examined that can help safeguard against threats to commonly used IoT devices in a Smart Home. It is hoped that the research carried out in this dissertation can help maintain safe and secure Smart Homes and provide direction for future work in the area of Smart Home Cybersecurity.</p>

Data and information privacy

Data security and protection

Hardware security

Software and application security

Information security management

Software architecture

Internet of things (IoT) Data

Internet of Things (IoT) devices

cybersecurity standards

Smart Home User Interfaces

SMART HOME SECURITY SYSTEM

monitoring adaptation