Högskolan i Skövde

Publications (10 of 61)
Hedberg, D., Lundgren, M. & Nohlberg, M. (2024). Cybersecurity in modern cars: awareness and readiness of auto workshops. Information and Computer Security
2024 (English). In: Information and Computer Security, E-ISSN 2056-4961. Article in journal (Refereed). Epub ahead of print
Abstract [en]

Purpose: This study aims to explore auto mechanics’ awareness of repairs and maintenance related to the car’s cybersecurity and provide insights into challenges based on current practice.

Design/methodology/approach: This study is based on an empirical study consisting of semistructured interviews with representatives from both branded and independent auto workshops. The data was analyzed using thematic analysis. A version of the capability maturity model was introduced to the respondents as a self-evaluation of their cybersecurity awareness.

Findings: Cybersecurity was not found to be part of the current auto workshop work culture, and there is a gap between independent workshops and branded workshops, specifically in how they function, how they approach problems, and the tools and support available to them to resolve issues (particularly previously unknown ones).

Research limitations/implications: Only auto workshop managers in Sweden were interviewed for this study. This role was picked because it is the most likely to have come in contact with cybersecurity-related issues. They may also have discussed the topic with mechanics, manufacturers or other auto workshops – thus providing a broader view of potential issues or challenges.

Practical implications: The challenges identified in this study offer actionable advice to car manufacturers, branded workshops and independent workshops. The goal is to further cooperation, improve knowledge sharing and avoid unnecessary safety or security issues.

Originality/value: As cars become smarter, they also become potential targets for cyberattacks, which in turn poses potential threats to human safety. However, auto workshops, which have previously ensured that cars are road safe, have received little research attention with regard to the role cybersecurity can play in repairs and maintenance. Insights from auto workshops can therefore shed light upon the unique challenges and issues tied to the cybersecurity of cars, and how they are kept up-to-date and road safe in the digital era.

Place, publisher, year, edition, pages
Emerald Publishing, 2024
Keywords
Auto workshop security, Connected car, Vehicle cybersecurity, Cybersecurity, Current practices, Cyber security, Design/methodology/approach, Empirical studies, On currents, On-currents, Repair and maintenance, Roads and streets
National Category
Information Systems; Information Systems, Social aspects
Research subject
Information Systems
Identifiers
urn:nbn:se:his:diva-23599 (URN); 10.1108/ICS-11-2023-0211 (DOI); 001153515300001 (); 2-s2.0-85183841672 (Scopus ID)
Note

© 2024, Emerald Publishing Limited.

Article publication date: 1 February 2024

Correspondence Address: D. Hedberg; School of Informatics, University of Skövde, Skövde, Sweden; email: davidhedberg@hotmail.com

Available from: 2024-02-15 Created: 2024-02-15 Last updated: 2024-02-26
Kävrestad, J., Rambusch, J. & Nohlberg, M. (2024). Design principles for cognitively accessible cybersecurity training. Computers & security (Print), 137, Article ID 103630.
2024 (English). In: Computers & security (Print), ISSN 0167-4048, E-ISSN 1872-6208, Vol. 137, article id 103630. Article in journal (Refereed). Published
Abstract [en]

Exploiting human behavior to gain unauthorized access to computer systems has become common practice for modern cybercriminals. Users are expected to adopt secure behavior to avoid those attackers. This secure behavior requires cognitive processing and is often seen as a nuisance, which could explain why attacks exploiting user behavior continue to be a fruitful approach for attackers. While adopting secure behavior can be difficult for any user, it can be even more difficult for users with cognitive disabilities. This research focuses on users with cognitive disabilities with the intent of developing design principles for the development of cognitively accessible cybersecurity training. The target group is estimated to include almost 10 % of all users but has previously been understudied. The results show that the target group experiences cybersecurity as cognitively demanding, sometimes to a degree that becomes incapacitating. Participating in cybersecurity training requires cognitive energy, which is a finite resource. Cognitively accessible cybersecurity training requires a minimalist design approach and inclusion of accessibility functions. A minimalist design approach, in this case, means that both informative and design elements should be kept to a minimum. The rationale is that all such elements require cognitive processing, which should be kept to a minimum.

Place, publisher, year, edition, pages
Elsevier, 2024
Keywords
Accessible security, Cognitive accessibility, Cybersecurity training, Cybersecurity training design, Usable security, Behavioral research, Network security, Cognitive processing, Cyber security, Design Principles, Training design, Cybersecurity
National Category
Information Systems; Human Computer Interaction
Research subject
Interaction Lab (ILAB); Information Systems
Identifiers
urn:nbn:se:his:diva-23469 (URN); 10.1016/j.cose.2023.103630 (DOI); 001134538700001 (); 2-s2.0-85178635646 (Scopus ID)
Funder
The Swedish Post and Telecom Authority (PTS), 19-10617
Note

CC BY 4.0 DEED

© 2023 The Author(s)

Correspondence Address: J. Kävrestad; Jönköping School of Engineering, Jönköping, Gjuterigatan 5, 551 11, Sweden; email: joakim.kavrestad@ju.se; CODEN: CPSED

This research was funded by the Swedish Post and Telecom Authority under grant number 19-10617.

Available from: 2023-12-14 Created: 2023-12-14 Last updated: 2024-01-26 Bibliographically approved
Kävrestad, J. & Nohlberg, M. (2024). Ett fundament i den svenska högre utbildningsmodellen är att kombinera forskning och undervisning [A foundation of the Swedish higher education model is combining research and teaching]. Aktuell säkerhet (8 januari)
2024 (Swedish). In: Aktuell säkerhet, no 8 januari. Article in journal (Other (popular science, discussion, etc.)). Published
Abstract [sv]

Joakim Kävrestad, senior lecturer in computer science at Jönköping School of Engineering, and Marcus Nohlberg, associate professor of information technology at the University of Skövde, disagree with Jan Kallberg that Swedish cybersecurity research should be concentrated in a few locations.

National Category
Information Systems, Social aspects; Human Aspects of ICT
Research subject
Information Systems
Identifiers
urn:nbn:se:his:diva-23515 (URN)
Note

Reply

Available from: 2024-01-08 Created: 2024-01-08 Last updated: 2024-01-08 Bibliographically approved
Kävrestad, J., Furnell, S. & Nohlberg, M. (2024). User perception of Context-Based Micro-Training – a method for cybersecurity training. Information Security Journal, 33(2), 121-137
2024 (English). In: Information Security Journal, ISSN 1939-3555, E-ISSN 1939-3547, Vol. 33, no 2, p. 121-137. Article in journal (Refereed). Published
Abstract [en]

User behavior is one of the biggest challenges to cybersecurity in modern organizations. Users are continuously targeted by attackers and required to have sufficient knowledge to spot and avoid such attacks. Different training methods are suggested and used in the industry to support users to behave securely. The challenge remains, and improved methods for end-user cybersecurity training are needed. This paper introduces and evaluates user perception of a method called Context-Based Micro-Training (CBMT). This approach suggests that training should be delivered in short sequences when the information is of direct relevance. The intention is to provide training directly related to the user’s current situation while also providing an awareness-increasing effect. This notion is tested in a survey-based evaluation involving 1,452 respondents from Sweden, Italy, and the UK, comparing the perception of CBMT against the experience of traditional approaches. The results emphasize that current methods are not effective enough and show that CBMT is perceived positively by respondents in all sample groups. The study further evaluated how demographic aspects impact the perception of CBMT and found that a diverse group of users can appreciate it.

Place, publisher, year, edition, pages
Taylor & Francis, 2024
Keywords
cybersecurity, end-user, perception, training
National Category
Computer and Information Sciences; Human Computer Interaction; Information Systems, Social aspects
Research subject
Information Systems
Identifiers
urn:nbn:se:his:diva-22660 (URN); 10.1080/19393555.2023.2222713 (DOI); 001004357200001 (); 2-s2.0-85161683304 (Scopus ID)
Funder
Vinnova, 2019-05021
Note

CC BY 4.0

Published online: 09 Jun 2023

CONTACT Joakim Kävrestad

The work was supported by VINNOVA under the grant [2019-05021].

Available from: 2023-06-09 Created: 2023-06-09 Last updated: 2024-02-14 Bibliographically approved
Kävrestad, J., Nohlberg, M. & Furnell, S. (2023). A taxonomy of SETA methods and linkage to delivery preferences. The Data base for Advances in Information Systems, 54(4), 107-133
2023 (English). In: The Data base for Advances in Information Systems, ISSN 0095-0033, Vol. 54, no 4, p. 107-133. Article in journal (Refereed). Published
Abstract [en]

Cybersecurity threats targeting users are common in today’s information systems. Threat actors exploit human behavior to gain unauthorized access to systems and data. The common suggestion for addressing this problem is to train users to behave better using SETA programs. The notion of training users is old, and several SETA methods are described in scientific literature. Yet, incidents stemming from insecure user behavior continue to happen and are reported as one of the most common types of incidents. Researchers argue that empirically proven SETA programs are needed and point out focus on knowledge rather than behavior, and poor user adoption, as problems with existing programs. The present study aims to research user preferences regarding SETA methods, with the motivation that a user is more likely to adopt a program perceived positively. A qualitative approach is used to identify existing SETA methods, and a quantitative approach is used to measure user preferences regarding SETA delivery. We show that users prefer SETA methods to be effortless and flexible and outline how existing methods meet that preference. The results outline how SETA methods respond to user preferences and how different SETA methods can be implemented to maximize user perception, thereby supporting user adoption.

Place, publisher, year, edition, pages
Association for Computing Machinery (ACM), 2023
Keywords
Cybersecurity, Security Training, Security Behavior, Security Awareness, User Training
National Category
Information Systems, Social aspects
Research subject
INF303 Information Security; Information Systems
Identifiers
urn:nbn:se:his:diva-22261 (URN); 10.1145/3631341.3631348 (DOI); 001098050000006 (); 2-s2.0-85176937421 (Scopus ID)
Note

The ACM Digital Library is published by the Association for Computing Machinery. Copyright © 2023 ACM, Inc.

Available from: 2023-02-14 Created: 2023-02-14 Last updated: 2023-12-11 Bibliographically approved
Nohlberg, M. (2023). Bank-ID:s nya krav ökar utanförskapet – men problemen kunde lösts enklare för länge sedan [Bank-ID's new requirements increase exclusion – but the problems could have been solved more simply long ago]. Dagens industri (11 september)
2023 (Swedish). In: Dagens industri, ISSN 0346-640X, no 11 september. Article in journal, News item (Other (popular science, discussion, etc.)). Published
Abstract [sv]

Bank-ID's inability or unwillingness to deliver secure services has, for nearly a decade, allowed a culture of fraud to emerge in society, on a scale where the crimes are sometimes no longer even investigated, writes Marcus Nohlberg, associate professor of cybersecurity.

Place, publisher, year, edition, pages
Dagens industri, 2023
National Category
Information Systems, Social aspects
Research subject
Information Systems; Information Systems
Identifiers
urn:nbn:se:his:diva-23221 (URN)
Note

Debate

Published: 11 September 2023

Dagens industri is part of Bonnier News.

Available from: 2023-09-14 Created: 2023-09-14 Last updated: 2023-09-18 Bibliographically approved
Kävrestad, J., Lindvall, D. & Nohlberg, M. (2023). Combating digital exclusion with cybersecurity training – an interview study with Swedish seniors. In: Steve Furnell; Nathan Clarke (Ed.), Human Aspects of Information Security and Assurance: 17th IFIP WG 11.12 International Symposium, HAISA 2023, Kent, UK, July 4–6, 2023, Proceedings. Paper presented at 17th IFIP WG 11.12 International Symposium on Human Aspects of Information Security and Assurance, HAISA 2023, Kent, United Kingdom, July 4–6, 2023 (pp. 3-12). Cham: Springer, 1
2023 (English). In: Human Aspects of Information Security and Assurance: 17th IFIP WG 11.12 International Symposium, HAISA 2023, Kent, UK, July 4–6, 2023, Proceedings / [ed] Steve Furnell; Nathan Clarke, Cham: Springer, 2023, Vol. 1, p. 3-12. Conference paper, Published paper (Refereed)
Abstract [en]

While rapid digitalization is beneficial for a majority of all people, some people struggle to adopt digital technology. Not only do these persons miss the potential benefits of digitalization, but they are also suffering from the fact that many services are no longer provided in a non-digital way. Previous research suggests that a lack of security literacy and awareness is one driving factor behind the digital exclusion for senior citizens. To that end, this research focuses on cybersecurity training for seniors. Seniors are here defined as those aged above 65. Using interviews with eight seniors, this research evaluates the use of contextual training in this user group. The rationale is that contextual training has been found to have positive results in other user groups. The results suggest that contextual cybersecurity training can increase cybersecurity awareness for senior citizens and be appreciated by the users. The participants also confirm previous research describing that cybersecurity concerns are a driving factor behind digital exclusion and that contextual cybersecurity training can make seniors more comfortable adopting digital services.

Place, publisher, year, edition, pages
Cham: Springer, 2023
Series
IFIP Advances in Information and Communication Technology (IFIPAICT), ISSN 1868-4238, E-ISSN 1868-422X ; 674
Keywords
cybersecurity awareness, senior digital exclusion, contextual training
National Category
Human Computer Interaction; Information Systems, Social aspects
Research subject
Information Systems
Identifiers
urn:nbn:se:his:diva-23031 (URN); 10.1007/978-3-031-38530-8_1 (DOI); 2-s2.0-85172691419 (Scopus ID); 978-3-031-38529-2 (ISBN); 978-3-031-38532-2 (ISBN); 978-3-031-38530-8 (ISBN)
Conference
17th IFIP WG 11.12 International Symposium on Human Aspects of Information Security and Assurance, HAISA 2023, Kent, United Kingdom, July 4–6, 2023
Available from: 2023-07-13 Created: 2023-07-13 Last updated: 2023-10-16 Bibliographically approved
Hedberg, D., Lundgren, M. & Nohlberg, M. (2023). Cyberthreats in Modern Cars: Responsibility and Readiness of Auto Workshops. In: Steve Furnell; Nathan Clarke (Ed.), Human Aspects of Information Security and Assurance: 17th IFIP WG 11.12 International Symposium, HAISA 2023, Kent, UK, July 4–6, 2023, Proceedings. Paper presented at 17th IFIP WG 11.12 International Symposium on Human Aspects of Information Security and Assurance, HAISA 2023, Kent, United Kingdom, July 4–6, 2023 (pp. 275-284). Cham: Springer, 1
2023 (English). In: Human Aspects of Information Security and Assurance: 17th IFIP WG 11.12 International Symposium, HAISA 2023, Kent, UK, July 4–6, 2023, Proceedings / [ed] Steve Furnell; Nathan Clarke, Cham: Springer, 2023, Vol. 1, p. 275-284. Conference paper, Published paper (Refereed)
Abstract [en]

Modern cars are becoming increasingly smart and connected. Today, cars often contain features ranging from controlling service functions through a mobile application to remote road assistance. However, as cars become smarter, they also become potential targets for cyberattacks, and a potential threat to human safety. Traditionally, handing in a car to an auto workshop for repairs and maintenance has ensured that the car is road safe. But to what extent are auto mechanics aware of repairs and maintenance related to the car’s cybersecurity? Based on interviews with eight auto workshop specialists in Sweden, using the capability maturity model as a lens to capture the readiness maturity, the following study looks at experiences with cybersecurity related to cars, what current tools are used, and procedures to deal with a cyberattack against cars in their workshop. It was found that auto workshops are potential targets, with limited solutions existing today, and that cyber security is not a part of the current culture. It was also found that there is a gap between independent workshops and branded workshops in how they function and in what manner they approach problems and issues. Specifically, for new issues (i.e., previously unencountered issues), branded workshops relied more on the manufacturer than independent workshops, who were left to use whatever solution they could figure out by their own means, which sometimes may be akin to hacking the car’s systems.

Place, publisher, year, edition, pages
Cham: Springer, 2023
Series
IFIP Advances in Information and Communication Technology (IFIPAICT), ISSN 1868-4238, E-ISSN 1868-422X ; 674
Keywords
Connected car, vehicle cyber security, auto workshop security
National Category
Information Systems, Social aspects
Research subject
Information Systems
Identifiers
urn:nbn:se:his:diva-23032 (URN); 10.1007/978-3-031-38530-8_22 (DOI); 2-s2.0-85172683789 (Scopus ID); 978-3-031-38529-2 (ISBN); 978-3-031-38532-2 (ISBN); 978-3-031-38530-8 (ISBN)
Conference
17th IFIP WG 11.12 International Symposium on Human Aspects of Information Security and Assurance, HAISA 2023, Kent, United Kingdom, July 4–6, 2023
Available from: 2023-07-13 Created: 2023-07-13 Last updated: 2023-10-16 Bibliographically approved
Kävrestad, J., Abbasi, M. A., Tarczal, M. & Nohlberg, M. (2023). The impact of short-term memory on phishing detection ability and password behaviour. In: Peter Bednar; Fatema Zaghloul; Christine Welch; Alexander Nolte; Mikko Rajanen; Anna Sigridur Islind; Helena Vallo Hult; Aurelio Ravarini; Alessio Maria Braccini (Ed.), Proceedings of the 9th International Conference on Socio-Technical Perspective in Information Systems Development (STPIS 2023). Paper presented at 9th International Conference on Socio-Technical Perspective in Information Systems Development, STPIS 2023 Hybrid, Portsmouth 27 October 2023 through 28 October 2023 (pp. 160-173). CEUR-WS
2023 (English). In: Proceedings of the 9th International Conference on Socio-Technical Perspective in Information Systems Development (STPIS 2023) / [ed] Peter Bednar; Fatema Zaghloul; Christine Welch; Alexander Nolte; Mikko Rajanen; Anna Sigridur Islind; Helena Vallo Hult; Aurelio Ravarini; Alessio Maria Braccini, CEUR-WS, 2023, p. 160-173. Conference paper, Published paper (Refereed)
Abstract [en]

Cybersecurity is a socio-technical discipline which is dependent on the interplay between users and devices, and the organizations where this interplay takes place. Previous research has shown that the interplay between users and devices is highly affected by the cognitive abilities of users. This is prominent in cybersecurity, which requires users to make security-aware decisions when, for instance, reading emails and deciding which emails are legitimate and which emails constitute phishing. Research further suggests that decision-making is dependent on memory ability, which is the focus of this research. In this study, we investigate the impact of short-term memory on phishing detection ability and password behaviour. A web survey was used to collect quantitative data from a large sample of respondents. The survey was distributed on social media platforms and 93 participants completed the survey. The results indicate a positive correlation between short-term memory scores and both password detection ability and password behavior.

Place, publisher, year, edition, pages
CEUR-WS, 2023
Series
CEUR Workshop Proceedings, ISSN 1613-0073 ; 3598
Keywords
behaviour, cybersecurity, memory, password, phishing, Authentication, Brain, Computer crime, Decision making, Long short-term memory, Behavior, Cognitive ability, Cyber security, Detection ability, Phishing detections, Security-aware, Short term memory, Sociotechnical, Electronic mail
National Category
Computer Sciences; Human Computer Interaction; Information Systems; Information Systems, Social aspects
Research subject
Information Systems
Identifiers
urn:nbn:se:his:diva-23531 (URN); 2-s2.0-85181156268 (Scopus ID)
Conference
9th International Conference on Socio-Technical Perspective in Information Systems Development, STPIS 2023 Hybrid, Portsmouth 27 October 2023 through 28 October 2023
Note

CC BY 4.0 DEED

© 2023 CEUR-WS. All rights reserved

Correspondence Address: J. Kävrestad; School of Informatics, University of Skövde, Sweden; email: joakim.kavrestad@ju.se

Available from: 2024-01-11 Created: 2024-01-11 Last updated: 2024-01-17 Bibliographically approved
Kävrestad, J. & Nohlberg, M. (2022). Context-Based Micro-training. In: Sushil Jajodia; Pierangela Samarati; Moti Yung (Ed.), Encyclopedia of Cryptography, Security and Privacy. Springer
2022 (English). In: Encyclopedia of Cryptography, Security and Privacy / [ed] Sushil Jajodia; Pierangela Samarati; Moti Yung, Springer, 2022. Chapter in book (Refereed)
Place, publisher, year, edition, pages
Springer, 2022
National Category
Computer Sciences
Research subject
INF303 Information Security; Information Systems
Identifiers
urn:nbn:se:his:diva-20992 (URN); 10.1007/978-3-642-27739-9_1781-1 (DOI); 978-3-642-27739-9 (ISBN)
Note

© Springer Science+Business Media LLC 2022

Springer, Berlin, Heidelberg

Living reference work entry

First Online 16 March 2022

Available from: 2022-03-21 Created: 2022-03-21 Last updated: 2022-04-22 Bibliographically approved
Projects
Supporting secure behavior using ContextBased MicroTraining [2019-05021_Vinnova]; University of Skövde; Publications
Kävrestad, J., Furnell, S. & Nohlberg, M. (2024). User perception of Context-Based Micro-Training – a method for cybersecurity training. Information Security Journal, 33(2), 121-137
Organisations
Identifiers
ORCID iD: orcid.org/0000-0001-5962-9995