Duncan Ki-Aries
Persona-centred information security awareness.
Ki-Aries, Duncan; Faily, Shamal
Authors
Shamal Faily
Abstract
Maintaining Information Security and protecting data assets remains a principal concern for businesses. Many data breaches continue to result from accidental, intentional or malicious human factors, leading to financial or reputational loss. One approach towards improving behaviours and culture is with the application of on-going awareness activities. This paper presents an approach for identifying security related human factors by incorporating personas into information security awareness design and implementation. The personas, which are grounded in empirical data, offer a useful method for identifying audience needs and security risks, enabling a tailored approach to business-specific awareness activities. As a means for integrating personas, we present six on-going steps that can be embedded into business-as-usual activities with 90-day cycles of awareness themes, and evaluate our approach with a case study business. Our findings suggest a persona-centred information security awareness approach has the capacity to adapt to the time and resource required for its implementation within the business, and offer a positive contribution towards reducing or mitigating Information Security risks through security awareness.
Citation
KI-ARIES, D. and FAILY, S. 2017. Persona-centred information security awareness. Computers and security [online] 70, pages 663-674. Available from: https://doi.org/10.1016/j.cose.2017.08.001
Journal Article Type | Article |
---|---|
Acceptance Date | Aug 1, 2017 |
Online Publication Date | Aug 9, 2017 |
Publication Date | Sep 30, 2017 |
Deposit Date | Sep 29, 2021 |
Publicly Available Date | Dec 8, 2021 |
Journal | Computers and security |
Print ISSN | 0167-4048 |
Electronic ISSN | 1872-6208 |
Publisher | Elsevier |
Peer Reviewed | Peer Reviewed |
Volume | 70 |
Pages | 663-674 |
DOI | https://doi.org/10.1016/j.cose.2017.08.001 |
Keywords | User personas; User behaviour; Systems security; Security risk analysis; Human-computer interaction; Software engineering |
Public URL | https://rgu-repository.worktribe.com/output/1427945 |
Files
KI-ARIES 2017 Persona-centred information security
(615 Kb)
PDF
Publisher Licence URL
https://creativecommons.org/licenses/by/4.0/
You might also like
Privacy goals for the data lifecycle.
(2022)
Journal Article
Assessing system of systems information security risk with OASoSIS.
(2022)
Journal Article
Visualising personas as goal models to find security tensions.
(2021)
Journal Article
Evaluating privacy: determining user privacy expectations on the web.
(2021)
Journal Article
DPIA in context: applying DPIA to assess privacy risks of cyber physical systems.
(2020)
Journal Article
Downloadable Citations
About OpenAIR@RGU
Administrator e-mail: publications@rgu.ac.uk
This application uses the following open-source libraries:
SheetJS Community Edition
Apache License Version 2.0 (http://www.apache.org/licenses/)
PDF.js
Apache License Version 2.0 (http://www.apache.org/licenses/)
Font Awesome
SIL OFL 1.1 (http://scripts.sil.org/OFL)
MIT License (http://opensource.org/licenses/mit-license.html)
CC BY 3.0 ( http://creativecommons.org/licenses/by/3.0/)
Powered by Worktribe © 2025
Advanced Search