[Air-L] cyber security and gender

Andrew Gillam agillam at sycamores.indstate.edu
Tue Feb 26 03:54:19 PST 2019 

Hello, Anna.

I recently investigated gender-related aspects of cybersecurity as part of my dissertation work (currently under committee review).  I included gender as a candidate confounding due to findings by several studies that noted differences between gender based groups. Overall, I found mixed results from the literature regarding gender (please see below).

Your interest in fluidity as a potential determinant is interesting; I did not note any works that used anything other than a two state gender variable.  My own research noted no significant differences in motivation or behavior between genders; similar to others, I also used a two-state variable..

From my lit review, several items noted no significant differences regarding gender :
  • adoption of CySec safeguard measures studied by Samhan in 2017 and van Schaik, also in 2017, or those who used protective software for home computers, studied by Claar and Johnson in 2012;
   • email phishing recognition activity by Sawyer and Hancock (2018),
   • victims of online fraud studied by Van Wilsem (2013),
   • gender-based covariance in the ANOVA-based analysis of cyber awareness by Coventry, Jeske, and Briggs (2014), and
   • the protection motivation-focused dissertation by Talebi (2018).

Most of my cited studies that noted significant gender differences found females more vulnerable. These included Fagan, Albayram, Khan, and Buck (2017), who noted males used password management software more frequently than females. Several studies of email phishing behavior noted greater vulnerability among females:
   • Hanus (2014) noted males less likely to open phishing emails;
   • Goel, Williams, and Dincelli (2017) noted males less likely to open phishing emails, but both genders were equally likely to activate embedded phishing links inside emails
   • Gratian, Band, Cukier, Dykstra, and Ginther (2018) found females self-reported less effective password generation than males;
   • Sawyer et al. (2015), cite multiple works where females followed phishing links more than males, and were more likely to share personal information when they did;
   • Sheng et al. (2010) noted more females clicked phishing links, and the percentage of females who provided personal information after clicking the link was even greater than for the original clicking behavior. However, gender differences disappeared after training.

One of the reviewed items noted significantly lower levels of CySec vulnerability by females: the protection motivation-focused study by Tsai et al. (2016). However, gender represented a very weak association with protective intent: r = 0.07; p < .05, n = 988 .

Best regards!

Andy Gillam

References
Claar, C. L., & Johnson, J. (2012). Analyzing home PC security adoption behavior. Journal of Computer Information Systems, 52(4), 20-29. Retrieved from
https://pdfs.semanticscholar.org/5991/6f95d9f8c8837a1b5cbe34bc5e3157fec62e.pdf

Coventry, L., Jeske, D., & Briggs, P. (2014). Perceptions and actions: Combining privacy and risk perceptions to better understand user behaviour. In: Symposium on Usable Privacy and Security (SOUPS) 2014, July 9-11, 2014, Menlo Park, CA. Retrieved from http://nrl.northumbria.ac.uk/17995/1/Coventry_et_al_2014_SOUPS_workshop.pdf

Fagan, M., Albayram, Y., Khan, M. M. H., & Buck, R. (2017). An investigation into users’ considerations towards using password managers. Human-centric Computing and Information Sciences, 7(1), 1-12. doi: 10.1186/s13673-017-0093-6

Goel, S., Williams, K., & Dincelli, E. (2017). Got phished? internet security and human
vulnerability. Journal of the Association for Information Systems, 18(1), 22-44. Retrieved
from https://aisel.aisnet.org/cgi/viewcontent.cgi?article=1761&context=jais

Gratian, M., Bandi, S., Cukier, M., Dykstra, J., & Ginther, A. (2018). Correlating human traits and cyber security behavior intentions. Computers & Security, 73, 345-358. doi:
10.1016/j.cose.2017.11.015

Hanus, B. T. (2014). The impact of information security awareness on compliance with
information security policies: A phishing perspective. Retrieved from ProQuest
Dissertations & Theses (Order No. 3727160).

Samhan, B. (2017, April). Security behaviors of healthcare providers using HIT outside of work: A technology threat avoidance perspective. In Information and Communication Systems (ICICySec), 2017 8th International Conference on, 342-347. IEEE.

Sawyer, B. D., Finomore, V. S., Funke, G. J., Mancuso, V. F., Miller, B., Warm, J., & Hancock, P. A. (2015, August). Evaluating cybersecurity vulnerabilities with the email testbed: effects of training. In Proceedings 19th Triennial Congress of the IEA, 9, 1-6.

Sawyer, B. D., & Hancock, P. A. (2018). Hacking the human: The prevalence paradox in
cybersecurity. Human Factors, 60(5), 597-609. doi: 10.1177/0018720818780472

Sheng, S., Holbrook, M., Kumaraguru, P., Cranor, L. F., & Downs, J. (2010). Who falls for phish?: A demographic analysis of phishing susceptibility and effectiveness of interventions. In Proceedings of the Conference on Human Factors in Computing Systems, 13(1), 373–382. doi: 10.1145/1753326.1753383

Talebi, N. (2018). The Effect of Perceived Warning Message Characteristics on Coping
Responses in Data Breach Scenarios (Doctoral dissertation, The University of Texas at
San Antonio). Retrieved from Proquest Dissertations and Theses (Order No. 10784195).

Tsai, H. Y. S., Jiang, M., Alhabash, S., LaRose, R., Rifon, N. J., & Cotten, S. R. (2016). Understanding online safety behaviors: A protection motivation theory perspective. Computers & Security, 59, 138-150. doi: 10.1016/j.cose.2016.02.009

van Schaik, P., Jeske, D., Onibokun, J., Coventry, L., Jansen, J., & Kusev, P. (2017). Risk
perceptions of cyber-security and precautionary behaviour. Computers in Human
Behavior, 75, 547-559. doi: 10.1016/j.chb.2017.05.038

Van Wilsem, J. (2011). Bought it, but never got it: Assessing risk factors for online consumer fraud victimization. European Sociological Review, 29(2), 168-178. doi:
10.1093/esr/jcr053



On Feb 26, 2019, at 04:26, Waliya Yohanna Joseph <waliyayohannajoseph at unical.edu.ng<mailto:waliyayohannajoseph at unical.edu.ng>> wrote:

CAUTION: This message originated from outside of Indiana State University. Do not click links or open attachments unless you recognize the sender and know the content is safe.




https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.researchgate.net%2Fpublication%2F320555745_Calabar_lesbian_cryptic_languages&data=02%7C01%7CAgillam%40sycamores.indstate.edu%7C103d36c4ff4d4341c41f08d69bd4df42%7C3eeabe396b1c4f95ae682fab18085f8d%7C0%7C0%7C636867735919823989&sdata=tGxqnpsmfKNh0HYaiyduO2W%2BSmcrNGiWKO0KyEKQ4ec%3D&reserved=0
Please check this publication, may it will make sense.

Get Outlook for Android<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Faka.ms%2Fghei36&data=02%7C01%7CAgillam%40sycamores.indstate.edu%7C103d36c4ff4d4341c41f08d69bd4df42%7C3eeabe396b1c4f95ae682fab18085f8d%7C0%7C0%7C636867735919823989&sdata=L3%2B1bgEZ0KqXwGXC8kcxwQDjkpWoNuwsTlOvXQH9rA8%3D&reserved=0>

________________________________
From: Air-L <air-l-bounces at listserv.aoir.org<mailto:air-l-bounces at listserv.aoir.org>> on behalf of Anja Venter <anjaventer at gmail.com<mailto:anjaventer at gmail.com>>
Sent: Tuesday, February 26, 2019 10:21:49 AM
To: List Aoir
Subject: [Air-L] cyber security and gender

Hello people of AoIR,

Myself and colleagues are busy writing a paper on gendered differences
in cybersecurity awareness (aka how well resilient are they against
cybersecurity attacks) among ComSci and non-ComSci students at a South
African university, and our findings include awareness determined by gender
(mostly because the majority of ComSci students are cis male).

I have three questions for those of you who explore these intersections:

1. Has anyone written about *describing* gender in this kind of research,
beyond the binaries. It is 2019 after all, and I don't think writing about
"male" and "female" participants isn't a very nuanced approach, despite the
gendered nature of the findings. Any literature to recommend?

2. Any literature on cybersecurity and gendered risks to recommend?

3. Are there any knowledge communities whose research we should be looking
at in terms of conferences, publications, research centers?

Many thanks!
Anja


*Dr Anja Venter, PhD*
*Art-stronaut*

*https://na01.safelinks.protection.outlook.com/?url=www.nannaventer.co.za&data=02%7C01%7CAgillam%40sycamores.indstate.edu%7C103d36c4ff4d4341c41f08d69bd4df42%7C3eeabe396b1c4f95ae682fab18085f8d%7C0%7C0%7C636867735919823989&sdata=7iQd%2B8tTShoscQKnPU2aENP%2BoebYKEfh4H8jN3F%2B%2BVs%3D&reserved=0 <https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.nannaventer.co.za&data=02%7C01%7CAgillam%40sycamores.indstate.edu%7C103d36c4ff4d4341c41f08d69bd4df42%7C3eeabe396b1c4f95ae682fab18085f8d%7C0%7C0%7C636867735919823989&sdata=1LQ9w7Mi44p3HbmxGsaIvIpShJuNNTCm7FcvT3i3J50%3D&reserved=0>   *

*+27 84 929 4647  *

*@nannaventer*
_______________________________________________
The Air-L at listserv.aoir.org<mailto:Air-L at listserv.aoir.org> mailing list
is provided by the Association of Internet Researchers https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Faoir.org&data=02%7C01%7CAgillam%40sycamores.indstate.edu%7C103d36c4ff4d4341c41f08d69bd4df42%7C3eeabe396b1c4f95ae682fab18085f8d%7C0%7C0%7C636867735919823989&sdata=Wxm3tyqk5vvxIplN2ajLpylByF8a8sOGvI4rzsLloEY%3D&reserved=0
Subscribe, change options or unsubscribe at: https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Flistserv.aoir.org%2Flistinfo.cgi%2Fair-l-aoir.org&data=02%7C01%7CAgillam%40sycamores.indstate.edu%7C103d36c4ff4d4341c41f08d69bd4df42%7C3eeabe396b1c4f95ae682fab18085f8d%7C0%7C0%7C636867735919823989&sdata=edUf%2FI0baKmv0LdcGQy0oBs0ShpmTu6wZo7skfur9x8%3D&reserved=0

Join the Association of Internet Researchers:
https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.aoir.org%2F&data=02%7C01%7CAgillam%40sycamores.indstate.edu%7C103d36c4ff4d4341c41f08d69bd4df42%7C3eeabe396b1c4f95ae682fab18085f8d%7C0%7C0%7C636867735919823989&sdata=HbhdK%2BATNwcfrDWuHfcQ7IoU4Di%2FVl6g8QHLFqP%2BOa4%3D&reserved=0
_______________________________________________
The Air-L at listserv.aoir.org<mailto:Air-L at listserv.aoir.org> mailing list
is provided by the Association of Internet Researchers https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Faoir.org&data=02%7C01%7CAgillam%40sycamores.indstate.edu%7C103d36c4ff4d4341c41f08d69bd4df42%7C3eeabe396b1c4f95ae682fab18085f8d%7C0%7C0%7C636867735919823989&sdata=Wxm3tyqk5vvxIplN2ajLpylByF8a8sOGvI4rzsLloEY%3D&reserved=0
Subscribe, change options or unsubscribe at: https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Flistserv.aoir.org%2Flistinfo.cgi%2Fair-l-aoir.org&data=02%7C01%7CAgillam%40sycamores.indstate.edu%7C103d36c4ff4d4341c41f08d69bd4df42%7C3eeabe396b1c4f95ae682fab18085f8d%7C0%7C0%7C636867735919823989&sdata=edUf%2FI0baKmv0LdcGQy0oBs0ShpmTu6wZo7skfur9x8%3D&reserved=0

Join the Association of Internet Researchers:
https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.aoir.org%2F&data=02%7C01%7CAgillam%40sycamores.indstate.edu%7C103d36c4ff4d4341c41f08d69bd4df42%7C3eeabe396b1c4f95ae682fab18085f8d%7C0%7C0%7C636867735919823989&sdata=HbhdK%2BATNwcfrDWuHfcQ7IoU4Di%2FVl6g8QHLFqP%2BOa4%3D&reserved=0

More information about the Air-L mailing list