Chair of Andrea Back


Field of Activity: Cybersecurity

Short description: Our field of activity in cybersecurity deals with 1) how to influence employees' motivation to behave more securely and in closer compliance with organizational IT security policies, and 2) which contextual factors (e.g. culture, color, warnings, etc.) would empower employees to make better-informed security decisions.


Audi AG - App Validation

Type: Consulting Project

Client company: Audi AG

Description: The project evaluates security solutions on the market that can perform automated checks of mobile app security and privacy behaviors, following an evaluation protocol established by Audi.

Duration: September 2014 to October 2014

Mobile Device Authentication Study

Type: Consulting Project

Description: The Mobile Device Authentication Study for Audi explores authentication solutions that could satisfy Audi's IT security requirements and, at the same time, ensure the highest level of user experience.

Duration: September to November, 2013.

Open Source Software Evaluation

Type: Consulting project

Company: City of Barcelona, Spain

Description: The project explores the challenges, risks and opportunities of open source software within governmental organizations around the world. Different aspects, such as security challenges, were analyzed by conducting interviews and collecting data from over 15 different organizations.

Duration: January to March 2018


Insider Computer Abuse

Type: SNF Project

Abstract: In order to reduce insider computer abuse more efficiently, it is necessary to better understand the contextual events (e.g. employee greed, disgruntlement, ego-satisfaction, ignorance of warning communication, emotions) that precede an IT security policy violation and lead to non-compliant employee behavior.
This research project aims to develop new theoretical insights into how to influence employee behavior through the contextual events that temporally precede insider computer abuse.

Overall, this research seeks to study the three contextual events (ignorance of warning communication, emotions, and disgruntlement) using theory-based methods and to measure their effects on employees' behavior.

The following research questions are addressed:

RQ1. How will different forms of employee computer abuse that result from different forms of injustice be equally deterrable?
RQ2. How is the insider computer abuse phenomenon influenced by strong emotions?
RQ3. Do emotions moderate the threat of sanctions created by IS security deterrent safeguards?
RQ4. How may warning message content, based on theory, affect adherence especially when users pay attention to the content of the warning message?
RQ5. What communication and persuasion triggers are positively associated with users' intention to be compliant?
RQ6. How can warnings lead to a higher effectiveness of sanction threats when it comes to the progression, reduction in frequency and decrease in duration of the security incident?
RQ7. Which textual treatments are effective in eliciting user compliance?
RQ8. Which motivational cues affect individuals the most in their decision-making process?





Type: Bachelor Course

Course Description: This course covers the fundamentals of cybersecurity. Topics include the cybersecurity principles (confidentiality, integrity, and availability) and Information Security (IS) within Lifecycle Management (e.g., security architecture tools). Students will also learn about risks and vulnerabilities and how to assess the current security landscape, including the nature of the threat, the general status of common vulnerabilities, and the likely consequences of security failures. Finally, the course provides an overview of information and network security and of system and application security, including authentication mechanisms and a number of examples of security vulnerabilities in existing communication protocols, to instruct students on the inherent risks of communication via the internet.