Persona-Driven Information Security Awareness
نویسندگان
چکیده
Because human factors are a root cause of many security breaches in many organisations, security awareness activities are often used to address problematic behaviours and improve security culture. Previous work has found that personas are useful for identifying audience needs & goals when designing and implementing awareness campaigns. We present a six-step security awareness process which is both driven by and centred around the use of personas. This can be embedded into business-asusual activities, with 90-day cycles of awareness themes. We evaluated this process by using it to devise a security awareness campaign for a digital agency. Our results suggest a persona-centred security awareness approach is adaptable to business constraints, and contributes towards addressing security risks.
منابع مشابه
Towards an Intelligence-Driven Information Security Risk Management Process for Organisations
Three deficiencies exist in information security under prevailing practices: organisations tend to focus on compliance over protection; to estimate risk without investigating it; and to assess risk on an occasional (as opposed to continuous) basis. These tendencies indicate that important data is being missed and that the situation awareness of decision-makers in many organisations is currently...
متن کاملChappie Swarm: Persona-Driven Web Corpus Generation
A common issue amongst security researchers is the lack of publicly available network traffic traces. In this paper we present Chappie Swarm, which seeks to emulate human behavior in regard to internet browsing. The experimenter can unleash a number of automated chappies which will assume pre-defined personas, and then actively go out and query websites while simultaneously recording their brow...
متن کاملGoals, Models, and Progress towards Establishing a Virtual Information Security Laboratory in Maine
Information security education remains a critical topic in today’s information driven societies. Educational institutions have been called to action to help raise information security awareness, knowledge and skills in those they serve. Cyber defense competitions are an attractive option to help raise awareness and interest in information security. Effective information security educational act...
متن کاملUse of Persuasive Technology to Change End-Users- IT Security Aware Behaviour: A Pilot Study
Persuasive technology has been applied in marketing, health, environmental conservation, safety and other domains and is found to be quite effective in changing people’s attitude and behaviours. This research extends the application domains of persuasive technology to information security awareness and uses a theory-driven approach to evaluate the effectiveness of a web-based program developed ...
متن کاملISSEC: A Socio-technical Decision Support System for Information Security Planning
The traditional notion of information security, rooted in a solidly technical foundation, has within the past decade seen wide criticism within academia much of which has originated from the social sciences community as being narrow and technology-centric instead of holistic and organizational in its focus. As information security awareness encompasses an ever-greater scope of organizational dy...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2016