Deanna D. Caputo

TL;DR: The results from three trials showed that framing had no significant effect on the likelihood that a participant would click a subsequent spear phishing email and that many participants either clicked all links or none regardless of whether they received training.

TL;DR: Why incorporating an understanding of human behavior into cyber security products and processes can lead to more effective technology is described and how behavioral science offers the potential for significant increases in the effectiveness of cyber security is illustrated.

TL;DR: MITRE researchers designed a prototype system for identifying insider threats, which prompted a team of engineers and social scientists to experimentally study how malicious insiders use information differently from a benign baseline group.

TL;DR: Three case studies explore organizational attempts to provide usable security products, which assume that when security functions are more usable, people are more likely to use them, leading to an improvement in overall security.

TL;DR: The results indicate that training users with individual loss messaging might increase the effectiveness of the training, and potential evidence that organizational training can lead to increased overall spear phishing awareness, even for those not directly trained is found.