Iacovos Kirlappos

PhD Student

UCL SECReT Doctoral Training Centre


Research Interests

I am working on improving information security implementations in large organisations by conducting field research.  Currently I am collaborating with two FTSE 100 companies and a non-profit organisation to create scientific methods that improve on current approaches in security policy formulation and communication, improve the usability of the implemented security mechanisms and improve employee security behaviour by implementing better security education.

 I am also looking into how security policies can be improved to allow for less interruptions in organisational workflows and how security systems and practices can be better aligned to help employees and the organisation to achieve business objectives.

In the past I have studied the effectiveness of anti-phishing tools and user education, and also the development of trust in online retailers. 







Kirlappos, I., Parkin, S., Sasse, M.A. (2015). "Shadow security" as a tool for the learning organization. ACM SIGCAS Computers and Society, 45 (1), 29-37. doi:10.1145/2738210.2738216
Kirlappos, I., Sasse, M.A. (2015). Fixing Security Together: Leveraging trust relationships to improve security in organizations.


Kirlappos, I., Parkin, S., Sasse, M.A. (2014). Learning from 'Shadow Security': Why understanding noncompliant behaviors provides the basis for effective security.
Kirlappos, I., Sasse, M.A. (2014). What Usable Security Really Means: Trusting and Engaging Users.


Huth, M., Kuo, J.H., Sasse, M.A., Kirlappos, I. (2013). Towards Usable Generation and Enforcement of Trust Evidence from Programmers’ Intent.
Kirlappos, I., Beautement, A., Sasse, M.A. (2013). “Comply or Die” Is Dead: Long Live Security-Aware Principal Agents.


Kirlappos, I., Sasse, M.A. (2012). Security Education against Phishing: A Modest Proposal for a Major Rethink. IEEE SECURITY & PRIVACY, 10 (2), 24-32.
Kirlappos, I., Sasse, M.A., Harvey, N. (2012). Why Trust Seals Don’t Work: A Study of User Perceptions and Behavior. In (pp. 308-324). .
Sasse, M.A., Kirlappos, I. (2012). Design for Trusted and Trustworthy Services: Why We Must Do Better.. In Trust, Computing, and Society. (pp. 229-249). .


Sasse, M.A., Kirlappos, I. (2011). Familiarity Breeds Con-victims: Why We Need More Effective Trust Signaling..

This page was last modified on 07 Jan 2016.



6.07, Malet Place Engineering


+44 020 7679 0350


+44 020 7387 1397


i.kirlappos [at] cs.ucl.ac.uk


Research Themes

  • Information Security Management
  • Information Security Compliance
  • Security Economics
  • Security and Human Behaviour