Skip to main content

Research Repository

Advanced Search

Persona-driven information security awareness.

Ki-Aries, Duncan; Faily, Shamal; Beckers, Kristian


Duncan Ki-Aries

Shamal Faily

Kristian Beckers


Because human factors are a root cause of security breaches in many organisations, security awareness activities are often used to address problematic behaviours and improve security culture. Previous work has found that personas are useful for identifying audience needs and goals, when designing and implementing awareness campaigns. We present a six-step security awareness process both driven by and centred around the use of personas. This can be embedded into business-as-usual activities, with 90-day cycles of awareness themes. We evaluated this process by using it to devise a security awareness campaign for a digital agency. Our results suggest a persona-centred security awareness approach is adaptable to business constraints, and contributes towards addressing security risks.


KI-ARIES, D., FAILY, S. and BECKERS, K. 2016. Persona-driven information security awareness. In Proceedings of the 30th International BCS human computer interaction conference (HCI 2016): fusion, 11-15 July 2016, Poole, UK. Swindon: BCS [online], article number 97. Available from:

Conference Name 30th International BCS human computer interaction conference (HCI 2016): fusion
Conference Location Poole, UK
Start Date Jul 11, 2016
End Date Jul 15, 2016
Acceptance Date Jul 11, 2016
Online Publication Date Jul 31, 2016
Publication Date Jul 31, 2016
Deposit Date Dec 9, 2021
Publicly Available Date Dec 9, 2021
Publisher BCS, The Chartered Institute for IT
Series Title Electronic workshops in computing
Series ISSN 1477-9358
Keywords User personas; User behaviour; Systems security; Security risk analysis; Software engineering
Public URL


You might also like

Downloadable Citations