Characterization of cybersecurity knowledge and behaviors: Exploratory study with predominant data from northern Brazil

  • Marcelo H. Oliveira Henklain UFRR
  • Felipe Leite Lobo UFRR
  • Eduardo Luzeiro Feitosa UFAM
  • Luiz G. Dallagnol Cavalcante UFRR
  • José V. Rocha de Alencar UFRR
  • Vitor J. Carneiro Bríglia UFRR
  • Guilherme Miranda de Araújo UFRR
  • Guilherme da Silva Alves UFRR
DOI: https://doi.org/10.5753/sbseg.2024.241433

Abstract


Despite the importance of the human factor in cybersecurity, research in this direction is scarce. Therefore, our objective was to characterize cybersecurity knowledge and behaviors, assessing their relationship with the Big Five personality factors. A total of 232 Brazilians, mostly from the northern region, participated. We observed higher scores in agreeableness and openness, and lower neuroticism. The knowledge level ranged from "moderate to good" and the frequency of cybersecurity behaviors was low. We found evidence of an association between personality traits and cybersecurity knowledge and behavior. Future studies are needed to include a more diverse sample.

References

Alanazi, M., Freeman, M., and Tootell, H. (2022). Exploring the factors that influence the cybersecurity behaviors of young adults. Computers in Human Behavior, 136(107376), 1-14. DOI: 10.1016/j.chb.2022.107376

Aljohani, M., Alruqi, M., Alboqomi, O., and Alqahtani, A. (2020). An experimental study to understand how users choose password. In: Proceedings of the 4th International Conference on Future Networks and Distributed Systems (ICFNDS '20) (pp. 1–5). New York: ACM. DOI: 10.1145/3440749.3442643

Andrade, J. M. (2008). Evidências de Validade do Inventário dos Cinco Grandes Fatores de Personalidade para o Brasil (Tese de doutorado apresentada ao Programa de Pósgraduação em Psicologia Social, do Trabalho e das Organizações, Universidade de Brasília, Brasília). Recuperado de: [link]

Banaco, R. A., Vermes, J. S., Zamignani, D. R., Martone, R. C., and Kovac, R. (2012). Personalidade. Em: M. M. C. Hübner, & M. B. Moreira, Temas clássicos da psicologia sob a ótica da Análise do Comportamento (pp. 144-153). Rio de Janeiro: Guanabara Koogan.

Bošnjak, L., Sreš, J., and Brumen, B. (2018). Brute-force and dictionary attack on hashed real-world passwords. In 2018 41st International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO) (pp. 1161-1166). Opatija, Croatia. DOI: 10.23919/MIPRO.2018.8400211

Cain, A. A., Edwards, M. E., and Still, J. D. (2018). An exploratory study of cyber hygiene behaviors and knowledge. Journal of Information Security and Applications, 42, 36-45. DOI: 10.1016/j.jisa.2018.08.002

Egelman, S., and Peer, E. (2015). Scaling the security wall: Developing a Security Behavior Intentions Scale (SeBIS). In: Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems (CHI '15, pp. 2873–2882). New York: ACM. DOI: 10.1145/2702123.2702249

Glory, F. Z., Aftab, A. U., Tremblay-Savard, O., and Mohammed, N. (2019). Strong password generation based on user inputs. In: IEEE 10th Annual Information Technology, Electronics and Mobile Communication Conference (IEMCON) (p. 416-423). DOI: 10.1109/IEMCON.2019.8936178

Gouveia, V. V., Guerra, V. M., Sousa, D. M. F., Santos, W. S., and Costa, J. M. (2009). Escala de Desejabilidade Social de Marlowe-Crowne: evidências de sua validade fatorial e consistência interna. Avaliação Psicológica, 8(1), 87-98. Recuperado de [link]

Guilherme, L. P., Ferreira, M. F., Fonseca, G. M., and Lazarin, N. M. (2021). Uma breve noção sobre o comportamento dos internautas em relação à segurança na rede. In: Anais da VII Escola Regional de Sistemas de Informação do Rio de Janeiro (pp. 1-7). Porto Alegre: SBC. DOI: 10.5753/ersirj.2021.16972

Hartwig, K., and Reuter, C. (2021). Nudge or restraint: How do people assess nudging in cybersecurity - A representative study in Germany. In: Proceedings of the 2021 European Symposium on Usable Security (EuroUSEC '21) (pp. 141–150). New York: ACM. DOI: 10.1145/3481357.3481514

Hoepers, C. (2024). A Importância dos Fatores Humanos para a Cibersegurança. Computação Brasil, 52, 61–66. DOI: 10.5753/compbr.2024.52.4604

Ji, S., Yang, S., Hu, X., Han, W., Li, Z., and Beyah, R. (2017). Zero-Sum Password Cracking Game: A Large-Scale Empirical Study on the Crackability, Correlation, and Security of Passwords. IEEE Transactions on Dependable and Secure Computing, 14(5), 550-564. DOI: 10.1109/TDSC.2015.2481884

Kennison, S. M., and Chan-Tin, E. (2020). Taking risks with cybersecurity: Using knowledge and personal characteristics to predict self-reported cybersecurity behaviors. Frontiers in Psychology, 11. DOI: 10.3389/fpsyg.2020.546546

Lin, X., Araujo, F., Taylor, T., Jang, J., and Polakis, J. (2023). Fashion Faux Pas: Implicit Stylistic Fingerprints for Bypassing Browsers' Anti-Fingerprinting Defenses. In: IEEE Symposium on Security and Privacy (SP) (pp. 987-1004). San Francisco, CA, USA. DOI: 10.1109/SP46215.2023.10179437

Lopes, R., Maciel, B., Soares, D., Figueiredo, L., and Carvalho, M. Análise e reflexões sobre a diferença de gênero na computação: podemos fazer mais? In: Anais do XVII WIT (pp. 68-79), Porto Alegre: SBC, 2023. DOI: 10.5753/wit.2023.230819

Mansur-Alves, M., and Saldanha-Silva, R. (2019). Teoria dos Cinco Fatores de Personalidade (TCF): Uma introdução teórico-conceitual e aplicada para avaliação. Em: Baptista M. N. et al. (orgs.), Compêndio de Avaliação Psicológica (pp. 507-520). Petrópolis, RJ: Editora Vozes.

Parsons, K., Calic, D., Pattinson, M., Butavicius, M., McCormac, A., and Zwaans, T. (2017). The Human Aspects of Information Security Questionnaire (HAIS-Q): Two further validation studies. Computers & Security, 66, 40-51. DOI: 10.1016/j.cose.2017.01.004

Rahman, T., Rohan, R., Pal, D., and Kanthamanon, P. (2021). Human factors in cybersecurity: A scoping review. In: Proceedings of the 12th International Conference on Advances in Information Technology (IAIT '21, pp. 1–11). Association for Computing Machinery, New York, NY, USA, Article 5. DOI: 10.1145/3468784.3468789

Ruoslahti, H., Coburn, J., Trent, A., and Tikanmäki, I. (2021). Cyber Skills Gaps – A Systematic Review of the Academic Literature. Connections: The Quarterly Journal, 20(2), 33-45. DOI: 10.11610/Connections.20.2.04

Soares, H., Araújo, N., and de Souza, P. (2020). Privacidade e segurança digital: Um estudo sobre a percepção e o comportamento dos usuários sob a perspectiva do paradoxo da privacidade. In: Anais do I WICS (pp. 97-106). Porto Alegre: SBC. DOI: 10.5753/wics.2020.11040

Švábenský, V., Vykopal, J., and Čeleda, P. (2020). What are cybersecurity education papers about? A systematic literature review of SIGCSE and ITiCSE conferences. In: The 51st ACM Technical Symposium on Computer Science Education (SIGCSE ’20). DOI: 10.1145/3328778.3366816

Syafitri, W., Shukur, Z., Mokhtar, U. A., Sulaiman, R., and Ibrahim, M. A. (2022). Social engineering attacks prevention: A systematic literature review. IEEE Access, 10, 39325–39343. DOI: 10.1109/access.2022.3162594

Teles, M., Saraiva, L., Freires, M., Rocha, M., and Marques, A. Mentoria acadêmica como aliada à integração de alunas de Computação no ambiente acadêmico. In: Anais do XVII WIT (pp. 194-204), Porto Alegre: SBC, 2023. DOI: 10.5753/wit.2023.230784
Published
2024-09-16
How to Cite

Select a Format
HENKLAIN, Marcelo H. Oliveira; LOBO, Felipe Leite; FEITOSA, Eduardo Luzeiro; CAVALCANTE, Luiz G. Dallagnol; ALENCAR, José V. Rocha de; BRÍGLIA, Vitor J. Carneiro; ARAÚJO, Guilherme Miranda de; ALVES, Guilherme da Silva. Characterization of cybersecurity knowledge and behaviors: Exploratory study with predominant data from northern Brazil. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 24. , 2024, São José dos Campos/SP. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2024 . p. 76-91. DOI: https://doi.org/10.5753/sbseg.2024.241433.