Persona-driven information security awareness.

Ki-Aries, Duncan; Faily, Shamal; Beckers, Kristian

doi:10.14236/ewic/HCI2016.97

Authors

Duncan Ki-Aries

Shamal Faily

Kristian Beckers

Abstract

Because human factors are a root cause of security breaches in many organisations, security awareness activities are often used to address problematic behaviours and improve security culture. Previous work has found that personas are useful for identifying audience needs and goals, when designing and implementing awareness campaigns. We present a six-step security awareness process both driven by and centred around the use of personas. This can be embedded into business-as-usual activities, with 90-day cycles of awareness themes. We evaluated this process by using it to devise a security awareness campaign for a digital agency. Our results suggest a persona-centred security awareness approach is adaptable to business constraints, and contributes towards addressing security risks.

Citation

KI-ARIES, D., FAILY, S. and BECKERS, K. 2016. Persona-driven information security awareness. In Proceedings of the 30th International BCS human computer interaction conference (HCI 2016): fusion, 11-15 July 2016, Poole, UK. Swindon: BCS [online], article number 97. Available from: https://doi.org/10.14236/ewic/HCI2016.97

Conference Name	30th International BCS human computer interaction conference (HCI 2016): fusion
Conference Location	Poole, UK
Start Date	Jul 11, 2016
End Date	Jul 15, 2016
Acceptance Date	Jul 11, 2016
Online Publication Date	Jul 31, 2016
Publication Date	Jul 31, 2016
Deposit Date	Dec 9, 2021
Publicly Available Date	Dec 9, 2021
Publisher	BCS, The Chartered Institute for IT
Series Title	Electronic workshops in computing
Series ISSN	1477-9358
DOI	https://doi.org/10.14236/ewic/HCI2016.97
Keywords	User personas; User behaviour; Systems security; Security risk analysis; Software engineering
Public URL	https://rgu-repository.worktribe.com/output/1437924