Research
Literature reviews and research reports
The difference between security awareness and privacy awareness
Science breaks security awareness down into knowledge, attitude and behaviour, and privacy awareness into perceiving, understanding and applying. That very difference explains why security calls for behaviour change and privacy for the application of knowledge, and why a single training format falls short for both subjects.
The Vulnerable First Months
Why the first months of employment are a vulnerable period, across the full breadth of security awareness, and what science says about the timing and form of the first training.
The Attention Problem
Why phishing simulations alone do not make employees better at recognizing phishing, and which approach is actually supported by research.