Duncan Ki-Aries
Persona-centred information security awareness.
Ki-Aries, Duncan; Faily, Shamal
Authors
Shamal Faily
Abstract
Maintaining Information Security and protecting data assets remains a principal concern for businesses. Many data breaches continue to result from accidental, intentional or malicious human factors, leading to financial or reputational loss. One approach towards improving behaviours and culture is with the application of on-going awareness activities. This paper presents an approach for identifying security related human factors by incorporating personas into information security awareness design and implementation. The personas, which are grounded in empirical data, offer a useful method for identifying audience needs and security risks, enabling a tailored approach to business-specific awareness activities. As a means for integrating personas, we present six on-going steps that can be embedded into business-as-usual activities with 90-day cycles of awareness themes, and evaluate our approach with a case study business. Our findings suggest a persona-centred information security awareness approach has the capacity to adapt to the time and resource required for its implementation within the business, and offer a positive contribution towards reducing or mitigating Information Security risks through security awareness.
Citation
KI-ARIES, D. and FAILY, S. 2017. Persona-centred information security awareness. Computers and security [online] 70, pages 663-674. Available from: https://doi.org/10.1016/j.cose.2017.08.001
| Journal Article Type | Article |
|---|---|
| Acceptance Date | Aug 1, 2017 |
| Online Publication Date | Aug 9, 2017 |
| Publication Date | Sep 30, 2017 |
| Deposit Date | Sep 29, 2021 |
| Publicly Available Date | Dec 8, 2021 |
| Journal | Computers and security |
| Print ISSN | 0167-4048 |
| Electronic ISSN | 1872-6208 |
| Publisher | Elsevier |
| Peer Reviewed | Peer Reviewed |
| Volume | 70 |
| Pages | 663-674 |
| DOI | https://doi.org/10.1016/j.cose.2017.08.001 |
| Keywords | User personas; User behaviour; Systems security; Security risk analysis; Human-computer interaction; Software engineering |
| Public URL | https://rgu-repository.worktribe.com/output/1427945 |
Files
KI-ARIES 2017 Persona-centred information security
(615 Kb)
PDF
Publisher Licence URL
https://creativecommons.org/licenses/by/4.0/
You might also like
Programming language evaluation criteria for safety-critical software in the air domain.
(2022)
Conference Proceeding
Privacy goals for the data lifecycle.
(2022)
Journal Article
Automation and cyber security risks on the railways: the human factors implications.
(2022)
Presentation / Conference
Assessing system of systems information security risk with OASoSIS.
(2022)
Journal Article
Integrated design framework for facilitating systems-theoretic process analysis.
(2022)
Conference Proceeding
Downloadable Citations
About OpenAIR@RGU
Administrator e-mail: publications@rgu.ac.uk
This application uses the following open-source libraries:
SheetJS Community Edition
Apache License Version 2.0 (http://www.apache.org/licenses/)
PDF.js
Apache License Version 2.0 (http://www.apache.org/licenses/)
Font Awesome
SIL OFL 1.1 (http://scripts.sil.org/OFL)
MIT License (http://opensource.org/licenses/mit-license.html)
CC BY 3.0 ( http://creativecommons.org/licenses/by/3.0/)
Powered by Worktribe © 2024
Advanced Search