Persona-Driven Information Security Awareness

Because human factors are a root cause of security breaches in many organisations, security awareness activities are often used to address problematic behaviours and improve security culture. Previous work has found that personas are useful for identifying audience needs & goals when designing and implementing awareness campaigns. We present a six-step security awareness process both driven by and centred around the use of personas. This can be embedded into business-as-usual activities, with 90-day cycles of awareness themes. We evaluated this process by using it to devise a security awareness campaign for a digital agency. Our results suggest a persona-centred security awareness approach is adaptable to business constraints, and contributes towards addressing security risks.

Content

Author and article information

Contributors

Duncan Ki-Aries

Shamal Faily

Kristian Beckers

Conference

Publication date: July 2016

Publication date (Print): July 2016

Pages: 1-3

Affiliations

[0001]Bournemouth University

Poole, UK

Article

DOI: 10.14236/ewic/HCI2016.97

SO-VID: 0244bc48-d1bc-487a-af11-0a5c4f2b7840

License:

This work is licensed under a Creative Commons Attribution 4.0 Unported License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/

Conference name: Proceedings of the 30th International BCS Human Computer Interaction Conference

Conference acronym: HCI

Conference number: 30

Conference location: Bournemouth University, Poole, UK

Conference date: 11 - 15 July 2016

Conference sponsor: Electronic Workshops in Computing (eWiC)

Conference theme: Fusion

History

Product

1477-9358 BCS Learning & Development

Self URI (article page): https://www.scienceopen.com/hosted-document?doi=10.14236/ewic/HCI2016.97

Self URI (journal page): https://ewic.bcs.org/

REFERENCES

M. BadaM. A. SasseJ. R. C. Nurse 2015 Cyber security awareness campaigns: Why do they fail to change behaviour? International Conference on Cyber Security for Sustainable Society 118 131
K. BeckersS. Pape 2016 A serious game for eliciting social engineering security requirements. Proceedings of the 24th IEEE International Conference on Requirements Engineering, RE ’16 IEEE Computer Society. To Appear
M. BeyerS. AhmedK. DoerlemannS. ArnellS. ParkinM. A. SasseN. Passingham 2015 White paper: Awareness is only the first step: A framework for progressive engagement of staff in cyber security Technical report, Hewlett Packard Enterprise
A. CooperR. ReimannD. CroninC Noessel 2014 About Face: The Essentials of Interaction Design John Wiley & Sons
C. HochleitnerC. GrafM. Tscheligi 2013 Do you enjoy getting gifts?: Keeping personas alive through marketing materials. CHI ’13 Extended Abstracts on Human Factors in Computing Systems, CHI EA ’13 2355 2358 ACM
M. M. LewisL. Coles-Kemp 2014 Who says personas can’t dance?: The use of comic strips to design information security personas CHI ’14 Extended Abstracts on Human Factors in Computing Systems, CHI EA ’14 2485 2490 ACM
I. Mann 2008 Hacking the Human: Social Engineering Techniques and Security Countermeasures Gower
PwC 2015 2015 Information security breaches survey Technical report, PwC
M. WilsonJ. Hash 2003 NIST Special Publication 800-50: Building an Information Technology Security Awareness and Training Programme Technical report, National Institute of Standards and Technology

Comments

Comment on this article

[1] M. BadaM. A. SasseJ. R. C. Nurse 2015 Cyber security awareness campaigns: Why do they fail to change behaviour? International Conference on Cyber Security for Sustainable Society 118 131

[2] K. BeckersS. Pape 2016 A serious game for eliciting social engineering security requirements. Proceedings of the 24th IEEE International Conference on Requirements Engineering, RE ’16 IEEE Computer Society. To Appear

[3] M. BeyerS. AhmedK. DoerlemannS. ArnellS. ParkinM. A. SasseN. Passingham 2015 White paper: Awareness is only the first step: A framework for progressive engagement of staff in cyber security Technical report, Hewlett Packard Enterprise

[4] A. CooperR. ReimannD. CroninC Noessel 2014 About Face: The Essentials of Interaction Design John Wiley & Sons

[5] C. HochleitnerC. GrafM. Tscheligi 2013 Do you enjoy getting gifts?: Keeping personas alive through marketing materials. CHI ’13 Extended Abstracts on Human Factors in Computing Systems, CHI EA ’13 2355 2358 ACM

[6] M. M. LewisL. Coles-Kemp 2014 Who says personas can’t dance?: The use of comic strips to design information security personas CHI ’14 Extended Abstracts on Human Factors in Computing Systems, CHI EA ’14 2485 2490 ACM

[7] I. Mann 2008 Hacking the Human: Social Engineering Techniques and Security Countermeasures Gower

[8] PwC 2015 2015 Information security breaches survey Technical report, PwC

[9] M. WilsonJ. Hash 2003 NIST Special Publication 800-50: Building an Information Technology Security Awareness and Training Programme Technical report, National Institute of Standards and Technology

Celebrating 65 years of The Computer Journal - free-to-read perspectives - bcs.org/tcj65