Personalising Security Education: Factors Influencing Individual Awareness and Compliance

Vasileiou, Ismini; Furnell, Steven

doi:10.1007/978-3-030-25109-3_10

Cited by 7 publications

(9 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In their study, they also found that current one-size-fitsall training approaches have no impact on knowledge and behavior. This is consistent with other literature (e.g., [2], [6]) indicating the need for improving the traditional approach to information security training. Anichiti et al [30] provide segmentation based on users' knowledge about cyber security in hotels.…”

Section: B User Segmentation Based On Security-related Characteristicssupporting

confidence: 92%

“…Two key approaches for provision of training can be found in the literature, i.e., traditional and personalized training [2], [6]. The traditional (i.e., one-size-fits-all) approach follows the premise that all users should get the same training [2], [6], [7] although its content can be tailored to the needs of a specific organization. The traditional approach may not be suitable for all situations and often fails to deliver the intended benefits [2], [6], [8], [9].…”

Section: Introductionmentioning

confidence: 99%

“…The traditional (i.e., one-size-fits-all) approach follows the premise that all users should get the same training [2], [6], [7] although its content can be tailored to the needs of a specific organization. The traditional approach may not be suitable for all situations and often fails to deliver the intended benefits [2], [6], [8], [9]. For example, training should meet the needs of users (e.g., users' knowledge, attitude and behavior related to information security [10]), and given the constantly changing cyberenvironment, it should be up-to-date otherwise it becomes meaningless and/or expensive, and users may see training as an obstacle rather than as an advantage [2], [6], [11].…”

Section: Introductionmentioning

confidence: 99%

“…Tailoring training to the needs of individual users is known as the personalized approach [2], [6]. Although the VOLUME 4, 2016 personalized approach addresses some of the issues of the traditional approach, it introduces new challenges, such as increased efforts and costs for tailoring security training to each individual, and is consequentially rarely seen in practice.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Know Your Enemy: User Segmentation Based on Human Aspects of Information Security

2021

View full text Add to dashboard Cite

Section: B User Segmentation Based On Security-related Characteristicssupporting

confidence: 92%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Know Your Enemy: User Segmentation Based on Human Aspects of Information Security

2021

View full text Add to dashboard Cite

“…They can be an experienced hacker who helps testers in fnding vulnerabilities [74], an intermediary between the security and development teams [25,70], or the leader in threat modelling activities [10,63]. They are involved in several security-related activities such as educating other developers [31,33,34,38,73], increasing awareness [19,33,34], and promoting the adoption of technologies [31,32,34].…”

Section: Related Workmentioning

confidence: 99%

Privacy Champions in Software Teams: Understanding Their Motivations, Strategies, and Challenges

Tahaei

Frik

Vaniea

2021

Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems

View full text Add to dashboard Cite

Software development teams are responsible for making and implementing software design decisions that directly impact end-user privacy, a challenging task to do well. Privacy Champions-people who strongly care about advocating privacy-play a useful role in supporting privacy-respecting development cultures. To understand their motivations, challenges, and strategies for protecting end-user privacy, we conducted 12 interviews with Privacy Champions in software development teams. We fnd that common barriers to implementing privacy in software design include: negative privacy culture, internal prioritisation tensions, limited tool support, unclear evaluation metrics, and technical complexity. To promote privacy, Privacy Champions regularly use informal discussions, management support, communication among stakeholders, and documentation and guidelines. They perceive code reviews and practical training as more instructive than general privacy awareness and on-boarding training. Our study is a frst step towards understanding how Privacy Champions work to improve their organisation's privacy approaches and improve the privacy of enduser products. CCS CONCEPTS• Human-centered computing → Empirical studies in collaborative and social computing; • Security and privacy → Usability in security and privacy; • Social and professional topics → Software management.

show abstract

Formalizing and Integrating User Knowledge into Security Analytics

2022

View full text Add to dashboard Cite

The Internet-of-Things and ubiquitous cyber-physical systems increase the attack surface for cyber-physical attacks. They exploit technical vulnerabilities and human weaknesses to wreak havoc on organizations’ information systems, physical machines, or even humans. Taking a stand against these multi-dimensional attacks requires automated measures to be combined with people as their knowledge has proven critical for security analytics. However, there is no uniform understanding of information security knowledge and its integration into security analytics activities. With this work, we structure and formalize the crucial notions of knowledge that we deem essential for holistic security analytics. A corresponding knowledge model is established based on the Incident Detection Lifecycle, which summarizes the security analytics activities. This idea of knowledge-based security analytics highlights a dichotomy in security analytics. Security experts can operate security mechanisms and thus contribute their knowledge. However, security novices often cannot operate security mechanisms and, therefore, cannot make their highly-specialized domain knowledge available for security analytics. This results in several severe knowledge gaps. We present a research prototype that shows how several of these knowledge gaps can be overcome by simplifying the interaction with automated security analytics techniques.

show abstract

Personalising Security Education: Factors Influencing Individual Awareness and Compliance

Cited by 7 publications

References 12 publications

Know Your Enemy: User Segmentation Based on Human Aspects of Information Security

Know Your Enemy: User Segmentation Based on Human Aspects of Information Security

Privacy Champions in Software Teams: Understanding Their Motivations, Strategies, and Challenges

Formalizing and Integrating User Knowledge into Security Analytics

Contact Info

Product

Resources

About