Abstract
Security education and awareness are frequently overlooked for users in both workplace and personal contexts, and even where some level of provision is offered it is rarely done in a manner that is matched specifically to the needs of the audience. However, by personalising the provision, and making the presentation and messaging more appropriate to the individuals receiving it, there is a greater chance of achieving understanding, engagement, and resultant compliance. This paper examines the gap that exists between the typical and desirable provision of security education. It highlights baseline areas of security literacy that ought to be applicable to all users, but then illustrates how variations in individuals’ understanding of threshold concepts could complicate the task of delivering the related education. It is proposed that security education should be more tailored, recognising factors such as the user’s role, prior knowledge, learning style, and current perception of security, in order to deliver a more personalised security education plan that is framed towards individual circumstances and can be delivered in a manner that suits their needs.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Prensky, M.: Digital natives, digital immigrants. Horizon 9(5), 1–6 (2001)
DCMS: Cyber Security Breaches Survey 2018. Main report. Department for Culture, Media & Sport, April 2018 (2018). https://www.ipsos.com/sites/default/files/ct/publication/documents/2018-04/cyber-security-breaches-survey-2018-main-report.pdf
HM Government, FTSE 350 Cyber Governance Health Check Report 2017, Department for Digital, Culture, Media and Sport, London, UK, July 2017 (2017). https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/635605/tracker-report-2017_v6.pdf
Vasileiou, I., Furnell, S.: Enhancing security education - recognising threshold concepts and other influencing factors. In: Proceedings of ICISSP 2018 - 4th International Conference on Information Systems Security and Privacy, Funchal, Madeira, Portugal, 22–24 January 2018, pp. 398-403 (2018)
Furnell, S.: Jumping security hurdles. Comput. Fraud Secur. 2010, 10–14 (2010)
Furnell, S., Moore, L.: Security literacy: the missing link in today’s online society? Comput. Fraud Secur. 2014, 12–18 (2014)
Meyer, J.H.F., Land, R.: Threshold concepts and troublesome knowledge – linkages to ways of thinking and practising. In: Rust, C. (ed.) Improving Student Learning – Ten Years On. OCSLD, Oxford (2003)
Davies, P., Mangan, J.: Recognising Threshold Concepts: an exploration of different approaches. In: European Association in Learning and Instruction Conference (EARLI), Nicosia, Cyprus, 23–27 August 2005 (2005)
Talib, S.: Personalising Information security education. Ph.D. thesis, University of Plymouth (2014). https://pearl.plymouth.ac.uk/bitstream/handle/10026.1/2896/2014talib10137661phd.pdf
Fleming, N.D.: Teaching and Learning Styles: VARK Strategies, 2nd edn. Neil D Fleming, Christchurch (2006)
Pattinson, M., Anderson, G.: Risk communication, risk perception and information security, security management, integrity and internal control in information systems. In: Proceedings of IFIP TC-11 WG11.1 and WG11.5 Joint Working Conference, Fairfax, Virginia, USA, December 2005, pp. 175–184 (2005)
Bada, M., Sasse, A.: Cyber Security Awareness Campaigns - why do they fail to change behaviour? Draft Working Paper, Global Cyber Security Capacity Centre, July 2014 (2014). http://discovery.ucl.ac.uk/1468954/1/Awareness%20CampaignsDraftWorkingPaper.pdf
ISF: From Promoting Awareness to Embedding Behaviours - secure by choice, not by chance. Information Security Forum (2014). https://www.securityforum.org/uploads/2015/03/From-Promoting-Awareness-ES-2014_Marketing.pdf
Furnell, S., Rajendran, A.: Understanding the influences on information security behaviour. Comput. Fraud Secur. 2012, 12–15 (2012)
Gabriel, T., Furnell, S.: Selecting security champions. Comput. Fraud Secur. 2011, 8–12 (2011)
Beris, O., Beautement, A., Sasse, M.A.: Employee rule breakers, excuse makers and security champions: mapping the risk perceptions and emotions that drive security behaviors. In: Somayaji, A., Van Oorschot, P., Böhme, R., Mannan, M. (eds.) NSPW 2015: Proceedings of the 2015 New Security Paradigms Workshop, pp. 73–84 (2015)
Boud, D., Middleton, H.: Learning from others at work: communities of practice and informal learning. J. Work. Learn. 15(5), 194–202 (2003)
Ashwin, P.: Implementing Peer Learning Across Organisations: the development of a model. Mentor. Tutoring Partnersh. Learn. 10(3), 221–231 (2010)
Faysse, N., Sraïri, M.T., Errahj, M.: Local Farmers’ Organisations: a space for peer-to-peer learning? The case of milk collection cooperatives in Morocco. J. Agric. Educ. Ext. 18(3), 285–299 (2012)
Arthur Jr., W., Bennett Jr., W., Edens, P.S., Bell, S.T.: Effectiveness of training in organisations: a meta-analysis of design and evaluation features. J. Appl. Psychol. 88(2), 234–245 (2003)
Furnell, S., Vasileiou, I.: Security education and awareness: just let them burn? Netw. Secur. 2017, 5–9 (2017)
Author information
Authors and Affiliations
Corresponding authors
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Vasileiou, I., Furnell, S. (2019). Personalising Security Education: Factors Influencing Individual Awareness and Compliance. In: Mori, P., Furnell, S., Camp, O. (eds) Information Systems Security and Privacy. ICISSP 2018. Communications in Computer and Information Science, vol 977. Springer, Cham. https://doi.org/10.1007/978-3-030-25109-3_10
Download citation
DOI: https://doi.org/10.1007/978-3-030-25109-3_10
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-25108-6
Online ISBN: 978-3-030-25109-3
eBook Packages: Computer ScienceComputer Science (R0)