Enhancing Security Education Recognising Threshold Concepts and other influencing factors |
Users are frequently recognised as lacking a necessary level of security education, and even where efforts are made to provide it, they are rarely matched directly to the needs of the audience. This paper examines the gap between the typical provision of security education and what could be achieved via an approach that recognises differences between the individuals that are being targeted. The discussion highlights baseline areas of security literacy that are applicable to all users, but then illustrates how variations in individuals’ understanding of threshold concepts could complicate the task of delivering the related education. An approach is proposed in which security education becomes more tailored, recognising factors such as the user’s prior knowledge, learning style, and existing perception of security, leading to a personalised security education plan that is framed towards individual needs.
Vasileiou I, Furnell SM