Persona-centred information security awareness

Authors: Ki-Aries, D. and Faily, S.

Journal: Computers and Security

Volume: 70

Pages: 663-674

ISSN: 0167-4048

DOI: 10.1016/j.cose.2017.08.001

Abstract:

Maintaining Information Security and protecting data assets remains a principal concern for businesses. Many data breaches continue to result from accidental, intentional or malicious human factors, leading to financial or reputational loss. One approach towards improving behaviours and culture is with the application of on-going awareness activities. This paper presents an approach for identifying security related human factors by incorporating personas into information security awareness design and implementation. The personas, which are grounded in empirical data, offer a useful method for identifying audience needs and security risks, enabling a tailored approach to business-specific awareness activities. As a means for integrating personas, we present six on-going steps that can be embedded into business-as-usual activities with 90-day cycles of awareness themes, and evaluate our approach with a case study business. Our findings suggest a persona-centred information security awareness approach has the capacity to adapt to the time and resource required for its implementation within the business, and offer a positive contribution towards reducing or mitigating Information Security risks through security awareness.

https://eprints.bournemouth.ac.uk/29683/

Source: Scopus

Persona-centred information security awareness

Authors: Ki-Aries, D. and Faily, S.

Journal: COMPUTERS & SECURITY

Volume: 70

Pages: 663-674

eISSN: 1872-6208

ISSN: 0167-4048

DOI: 10.1016/j.cose.2017.08.001

https://eprints.bournemouth.ac.uk/29683/

Source: Web of Science (Lite)

Persona-Centred Information Security Awareness

Authors: Ki-Aries, D. and Faily, S.

Journal: Computers & security

Publisher: Elsevier

ISSN: 0167-4048

https://eprints.bournemouth.ac.uk/29683/

Source: Manual

Persona-centred information security awareness.

Authors: Ki-Aries, D. and Faily, S.

Journal: Comput. Secur.

Volume: 70

Pages: 663-674

https://eprints.bournemouth.ac.uk/29683/

Source: DBLP

Persona-Centred Information Security Awareness

Authors: Ki-Aries, D. and Faily, S.

Journal: Computers & security

Volume: 70

Issue: September

Pages: 663-674

ISSN: 0167-4048

Abstract:

Maintaining Information Security and protecting data assets remains a principal concern for businesses. Many data breaches continue to result from accidental, intentional or malicious human factors, leading to financial or reputational loss. One approach towards improving behaviours and culture is with the application of on-going awareness activities. This paper presents an approach for identifying security related human factors by incorporating personas into information security awareness design and implementation. The personas, which are grounded in empirical data, offer a useful method for identifying audience needs and security risks, enabling a tailored approach to business-specific awareness activities. As a means for integrating personas, we present six on-going steps that can be embedded into business-as-usual activities with 90-day cycles of awareness themes, and evaluate our approach with a case study business. Our findings suggest a persona-centred information security awareness approach has the capacity to adapt to the time and resource required for its implementation within the business, and offer a positive contribution towards reducing or mitigating Information Security risks through security awareness.

https://eprints.bournemouth.ac.uk/29683/

Source: BURO EPrints