Persona-driven information security awareness.
Ki-Aries, Duncan; Faily, Shamal; Beckers, Kristian
Because human factors are a root cause of security breaches in many organisations, security awareness activities are often used to address problematic behaviours and improve security culture. Previous work has found that personas are useful for identifying audience needs and goals, when designing and implementing awareness campaigns. We present a six-step security awareness process both driven by and centred around the use of personas. This can be embedded into business-as-usual activities, with 90-day cycles of awareness themes. We evaluated this process by using it to devise a security awareness campaign for a digital agency. Our results suggest a persona-centred security awareness approach is adaptable to business constraints, and contributes towards addressing security risks.
KI-ARIES, D., FAILY, S. and BECKERS, K. 2016. Persona-driven information security awareness. In Proceedings of the 30th International BCS human computer interaction conference (HCI 2016): fusion, 11-15 July 2016, Poole, UK. Swindon: BCS [online], article number 97. Available from: https://doi.org/10.14236/ewic/HCI2016.97
|Conference Name||30th International BCS human computer interaction conference (HCI 2016): fusion|
|Conference Location||Poole, UK|
|Start Date||Jul 11, 2016|
|End Date||Jul 15, 2016|
|Acceptance Date||Jul 11, 2016|
|Online Publication Date||Jul 31, 2016|
|Publication Date||Jul 31, 2016|
|Deposit Date||Dec 9, 2021|
|Publicly Available Date||Dec 9, 2021|
|Publisher||BCS, The Chartered Institute for IT|
|Series Title||Electronic workshops in computing|
|Keywords||User personas; User behaviour; Systems security; Security risk analysis; Software engineering|
KI-ARIES 2016 Persona-driven information security
Publisher Licence URL
You might also like
Automation and cyber security risks on the railways: the human factors implications.
Presentation / Conference
Integrated design framework for facilitating systems-theoretic process analysis.
Cybersecurity user requirements analysis: the ECHO approach.
Use-case informed task analysis for secure and usable design solutions in rail.
Visualising personas as goal models to find security tensions.