Persona-centred information security awareness

Authors: Ki-Aries, D., Faily, S. and Beckers, K.

http://eprints.bournemouth.ac.uk/23808/

Start date: 11 July 2016

This data was imported from Scopus:

Authors: Ki-Aries, D. and Faily, S.

http://eprints.bournemouth.ac.uk/23808/

Journal: Computers and Security

Volume: 70

Pages: 663-674

ISSN: 0167-4048

DOI: 10.1016/j.cose.2017.08.001

© 2017 The Authors Maintaining Information Security and protecting data assets remains a principal concern for businesses. Many data breaches continue to result from accidental, intentional or malicious human factors, leading to financial or reputational loss. One approach towards improving behaviours and culture is with the application of on-going awareness activities. This paper presents an approach for identifying security related human factors by incorporating personas into information security awareness design and implementation. The personas, which are grounded in empirical data, offer a useful method for identifying audience needs and security risks, enabling a tailored approach to business-specific awareness activities. As a means for integrating personas, we present six on-going steps that can be embedded into business-as-usual activities with 90-day cycles of awareness themes, and evaluate our approach with a case study business. Our findings suggest a persona-centred information security awareness approach has the capacity to adapt to the time and resource required for its implementation within the business, and offer a positive contribution towards reducing or mitigating Information Security risks through security awareness.

This source preferred by Duncan Ki-Aries and Shamal Faily

This data was imported from Web of Science (Lite):

Authors: Ki-Aries, D. and Faily, S.

http://eprints.bournemouth.ac.uk/23808/

Journal: COMPUTERS & SECURITY

Volume: 70

Pages: 663-674

eISSN: 1872-6208

ISSN: 0167-4048

DOI: 10.1016/j.cose.2017.08.001

The data on this page was last updated at 04:42 on November 25, 2017.