Personalising Security Education ‐ Factors influencing individual awareness and compliance |
Security education and awareness are frequently overlooked for users
Vasileiou I, Furnell SM
in both workplace and personal contexts, and even where some level of provision
is offered it is rarely done in a manner that is matched specifically to the needs
of the audience. However, by personalising the provision, and making the
presentation and messaging more appropriate to the individuals receiving it, there
is a greater chance of achieving understanding, engagement, and resultant compliance.
This paper examines the gap that exists between the typical and desirable
provision of security education. It highlights baseline areas of security literacy
that ought to be applicable to all users, but then illustrates how variations in individuals’
understanding of threshold concepts could complicate the task of delivering
the related education. It is proposed that security education should be
more tailored, recognising factors such as the user’s role, prior knowledge, learning
style, and current perception of security, in order to deliver a more personalised
security education plan that is framed towards individual circumstances and
can be delivered in a manner that suits their needs.