• Biography/ Background

  I am currently a Senior Research Fellow and Information Security Consultant in the Adelaide Business School’s Human Aspects of Cyber Security (HACS) research group.  Although I have been consulting, teaching and researching information security for many years, my time with HACS has been focussed primarily on human factors research relating to the behaviour of digital-device users.  I am also on the board of the IFIP International Symposium on Human Aspects of Information Security & Assurance (HAISA) having hosted this conference in Adelaide in November, 2017.  I am currently a Board Member of the Adelaide Chapter of ISACA and have the certifications CISA, CISM, CGEIT and CRISC.

   

  
  

• Qualifications

  Bachelor of Applied Science (Data Processing), University of South Australia (formerly South Australian Institute of Technology).

  Master of Commerce (by research), Flinders University.
  Thesis topic:  Evaluating Information Systems Security: An Application of Goal Attainment Scaling.

  Doctor of Philosophy, University of Adelaide.
  Thesis topic: An Examination of Information System Risk Perceptions Using the Repertory Grid Technique
  (Awarded a Dean's Commendation for Doctoral Thesis Excellence).
  

   

   

   

   

   

• Awards & Achievements

  Certified Information Systems Auditor (CISA)

  Certified Information Security Manager (CISM)

  Certified in the Governance of Enterprise Information Technology (CGEIT)

  Certified in Risk and Information Systems Control (CRISC)

• Research Interests

  Information Security

  Cyber Security

  Human Aspects of Information and Cyber Security

  Behavioural Information Security

  Information System Risk Management

  Information Technology Governance

  Information Security Management

  Compliance with Information Security Frameworks, Standards & Guidelines

• Publications

  1.     Pattinson, M., Butavicius, M., Ciccarello, B., Lillie, M., Parsons, K., Calic, D. & McCormac, A., (2019), “Matching Training to Individual Learning Styles Improves Information Security Awareness”, Information and Computer Security, (in press).

   

  2.     Parsons, K., Butavicius, M., Delfabbro, P. & Lillie, M., (2019), “Predicting Susceptibility to Social Influence in Phishing Emails”, International Journal of Human-Computer Studies, Vol. 128, pp. 17-26.

   

  3.     Kun,Y., Taib, R., Butavicius, M., Parsons, K. & Chen, F., (2019), “Mouse Behaviour as an Index of Phishing Awareness”, 17th IFIP TC.13 International Conference on Human-Computer Interaction. September 2018, Paphos, Greece, Springer LNCS series.

   

  4.     Pattinson, M., Ciccarello, B., Butavicius, M., Parsons, K., McCormac, A. & Calic, D., (2018), “Is Your Office Environment Conducive to Good Cyber Security Behaviour?” Proceedings of the 17th Australian Cyber Warfare Conference (CWAR), Melbourne, Australia, pp. 32-41.

   

  5.     Pattinson, M., Butavicius, M., Ciccarello, B., Lillie, M., Parsons, K., Calic, D. & McCormac, A., (2018), “Adapting Cyber Security Training to Your Employees”, Proceedings of the 12th International Symposium on Human Aspects of Information Security and Assurance (HAISA 2018), Dundee, Scotland.

   

  6.     Parsons, K., Butavicius, M., Lillie, M., Calic, D., McCormac, A. & Pattinson, M., (2018), “Which Individual, Cultural, Organisational and Interventional Factors Explain Phishing Resilience?”, Proceedings of the 12th International Symposium on Human Aspects of Information Security and Assurance (HAISA 2018), Dundee, Scotland.

   

  7.     McCormac, A., Calic, D., Butavicius, M., Parsons, K., Pattinson, M. & Lillie, M., (2018), “The Effect of Resilience and Job stress on Information Security Awareness”, Information and Computer Security, 26(3), 277-289.

   

  8.     Butavicius, M., Parsons, Pattinson, M., K., McCormac, A., Calic, D. & Lillie, M. (2017), “Understanding Susceptibility to Phishing Emails: Assessing the Impact of Individual Differences and Culture”, Proceedings of the 11th International Symposium on Human Aspects of Information Security and Assurance (HAISA 2017), Adelaide, Australia, pp. 12–23.

   

  9.     McCormac, A., Calic, D., Butavicius, M., Parsons, K., Pattinson, M. & Lillie, M. (2017), “Understanding the Relationships Between Resilience, Work Stress and Information Security Awareness”, Proceedings of the 11th International Symposium on Human Aspects of Information Security and Assurance (HAISA 2017), Adelaide, Australia, pp. 80–90.

   

  10.  Pattinson, M., Butavicius, M., Parsons, K., McCormac, A. & Calic, D. (2017), “Managing Information Security Awareness at an Australian Bank: A Comparative Study”, Information and Computer Security, Vol. 25, Iss. 2, pp. 181-189.

   

  11.  Parsons, K., Calic, D., Pattinson, M., Butavicius, M., McCormac, A. & Zwaans, T., (2017), “The Human Aspects of Information Security Questionnaire (HAIS-Q): Two Further Validation Studies”, Computers and Security, Vol. 66, pp. 40-51

   

  12.  Zwaans, T., McCormac, A., Parsons, K., Calic, D., Butavicius, M. & Pattinson, M., (2017), “Individual Differences and Information Security Awareness”, Computers in Human Behaviour, Vol. 69, pp. 151-156.

   

  13.  McCormac, A., Calic, D., Parsons, K., Zwaans, T. Butavicius, M. & Pattinson, M., (2016), “Test-retest Reliability and Internal Consistency of the Human Aspects of Information Security Questionnaire (HAIS-Q)”, Proceedings of Australasian Conference on Information Systems, Wollongong, December.

   

  14.  Calic, D, Pattinson, M., Parsons, K., Butavicius, M. & McCormac, A. (2016), “Naïve and Accidental Behaviours that Compromise Information Security: What the Experts Think”, In S. Furnell & N. Clarke (Eds.) Proceedings of the 10th International Symposium on Human Aspects of Information Security and Assurance (HAISA 2016), Frankfurt, Germany, pp. 12-21.

   

  15.  Pattinson, M., Butavicius, M., Parsons, K., McCormac, A., Calic, D. & Jerram, C., (2016), “The Information Security Awareness of Bank Employees”, In S. Furnell & N. Clarke (Eds.) Proceedings of the 10^th International Symposium on Human Aspects of Information Security and Assurance (HAISA 2016), Frankfurt, Germany, pp. 189-198.

   

  16.  Pattinson, M., Parsons, K., Butavicius, M., McCormac, A. & Calic, D., (2016), “Assessing Information Security Attitudes: A Comparison of Two Studies”, Information and Computer Security, Vol. 24, Iss. 2, pp. 228-240.

   

  17.  Parsons, K., Butavicius, M., Pattinson, M., McCormac, A., Calic, D. & Jerram, C., (2015), “Do Users Focus on the Correct Cues to Differentiate Between Phishing and Genuine Emails?”, Proceedings of Australasian Conference of Information Systems (ACIS), Adelaide, December, arXiv preprint arXiv:1605.04717.

   

  18.  Butavicius, M., Parsons, K., Pattinson, M. & McCormac, A., (2015), “Breaching the Human Firewall: Social Engineering in Phishing and Spear-Phishing Emails”, Proceedings of Australasian Conference of Information Systems (ACIS), Adelaide, December, arXiv preprint arXiv:1606.00887.

   

  19.  Pattinson, M., Butavicius, M., Parsons, K., McCormac, A. & Calic, D., (2015), “Factors that Influence Information Security Behaviour: An Australian Web-based Study”, In T. Tryfonas & I. Askoxylakis (Eds.) Conference Proceedings of Human Aspects of Information Security, Privacy, and Trust (HCI 2015), Los Angeles, Springer International, LNCS 9190, pp. 231-241.

   

  20.  Pattinson, M., Butavicius, M., Parsons, K., McCormac, A. & Jerram, C., (2015), “Examining Attitudes Toward Information Security Behaviour Using Mixed Methods”, In S. Furnell & N. Clarke (Eds.) Proceedings of the 9^th International Symposium on Human Aspects of Information Security and Assurance (HAISA 2015), Lesvos, Greece, pp. 57-70.

   

  21.  Parsons, K., Young, E., Butavicius, M., McCormac, A., Pattinson, M. & Jerram, C., (2015), “The Influence of Organisational Information Security Culture on Information Security Decision Making”, Journal of Cognitive Engineering and Decision Making: Special Issue on Cybersecurity Decision Making, Vol. 9, Iss. 2, pp. 117-129.

   

  22.  Parsons, K., McCormac, A., Pattinson, M., Butavicius, M. & Jerram, C., (2015), “The Design of Phishing Studies: Challenges for Researchers”. Computers and Security: Special Issue on SEC 2013 Conference, pp. 194-206.

   

  23.  Parsons, K., McCormac, A., Pattinson, M., Butavicius, M. & Jerram, C., (2014), “A Study of Information Security Awareness in Australian Government Organisations”, Information Management and Computer Security, Vol. 22, Iss. 4, pp. 334-345.

   

  24.  Parsons, K., McCormac, A., Butavicius, M., Pattinson, M. & Jerram, C., (2014), “Determining Employee Awareness Using the Human Aspects of Information Security Questionnaire (HAIS-Q)”, Computers and Security, Vol. 42, pp. 165-176.

   

  25.  Parsons, K., McCormac, A., Pattinson, M., Butavicius, M. & Jerram, C., (2014), "Using Actions and Intentions to Evaluate Categorical Responses to Phishing and Genuine Emails", In N. L. Clarke & S. M. Furnell (Eds.) Proceedings of the 8th International Symposium on Human Aspects of Information Security and Assurance (HAISA 2014), Plymouth UK, July, pp. 30-41.

   

   

  27.  Pattinson, M., Jerram, C., Parsons, K., McCormac, A. & Butavicius, M., (2013), “Information Security Awareness: An Analysis of Knowledge, Attitude and Behaviour”, Proceedings of Control, Audit and Computer Security (CACS) 2013 Oceania conference, Adelaide, September.

   

  28.  Parsons, K., McCormac, A., Butavicius, M., Pattinson, M. & Jerram, C., (2013), "The Development of the Human Aspects of Information Security Questionnaire (HAIS-Q)", In Hepu Deng & Craig Standing (Eds.) Proceedings of the 24th Australasian Conference on Information Systems (ACIS), Melbourne, Australia, December, pp. 1-11.

   

  29.  Pattinson, M. & Jerram, C., (2013), "A Study of Information Systems Risk Perceptions at a Local Government Organisation", In Hepu Deng & Craig Standing (Eds.) Proceedings of the 24th Australasian Conference on Information Systems (ACIS), Melbourne, Australia, December, pp. 1-11.

   

  30.  Parsons, K., McCormac, A., Pattinson, M., Butavicius, M. & Jerram, C., (2013), “Phishing for the Truth: A Scenario-based Experiment of Users’ Behavioural Response to Emails”, In L. J. Janczewski, H. Wolf & S. Shenoi (Eds.) Proceedings of the 28th IFIP TC-11 International Information Security and Privacy Conference (SEC2013), Auckland, NZ, July, pp. 366-378.

   

  31.  Pattinson, M., Jerram, C., Parsons, K., McCormac, A. & Butavicius, M., (2012), "Why Do Some People Manage Phishing E-mails Better Than Others?", Information Management and Computer Security, Emerald Group Publishing Limited,  Vol: 20, Iss: 1 pp. 18-28.

   

  32.  Pattinson, M., Jerram, C., Parsons, K., McCormac, A. & Butavicius, M., (2011), “Managing Phishing Emails: A Scenario-Based Experiment”, In S. Furnell & N. Clarke (Eds.) Proceedings of the 5^th International Symposium on Human Aspects of Information Security and Assurance (HAISA 2011), London, England, July, pp. 74-85.

   

  33.  Pattinson, M. & Jerram, C., (2010), "Examining End-user Perceptions of Information Risks: An Application of the Repertory Grid Technique", In N. Clarke, S. Furnell & R. von Solms (Eds) Proceedings of the South African Information Security Multi-Conference (SAISMC 2010), Port Elizabeth, South Africa, May, pp. 2-12.

   

• Professional Associations

  Member, Information Systems Audit and Control Association (ISACA)

  Board Member, ISACA Adelaide Chapter, 2015 - 2016

  Member International Federation for Information Processing (IFIP), Technical Committee 11, Working Group 11.1 (Information Security Management)

  Co-chair International Federation for Information Processing Systems (IFIP), Technical Committee 11, Working Group 11.12 (Human Aspects of Information Sevcurity & Assurance (HAISA))

• Professional Interests

  Information Security Consultant

• Media Expertise

  Categories	Information Technology, Information Management
  Expertise	Cyber security Information Security Information Warfare Risk Management Human Aspects of Information Security IT Governance
  Notes	Member ISACA

Entry last updated: Sunday, 3 Oct 2021