Persona-driven information security awareness.

Because human factors are a root cause of security breaches in many organisations, security awareness activities are often used to address problematic behaviours and improve security culture. Previous work has found that personas are useful for identifying audience needs and goals, when designing and implementing awareness campaigns. We present a six-step security awareness process both driven by and centred around the use of personas. This can be embedded into business-as-usual activities, with 90-day cycles of awareness themes. We evaluated this process by using it to devise a security awareness campaign for a digital agency. Our results suggest a persona-centred security awareness approach is adaptable to business constraints, and contributes towards addressing security risks

Persona-Driven Information Security Awareness

Because human factors are a root cause of security breaches in many organisations, security awareness activities are often used to address problematic behaviours and improve security culture. Previous work has found that personas are useful for identifying audience needs & goals when designing and implementing awareness campaigns. We present a six-step security awareness process both driven by and centred around the use of personas. This can be embedded into business-as-usual activities, with 90-day cycles of awareness themes. We evaluated this process by using it to devise a security awareness campaign for a digital agency. Our results suggest a persona-centred security awareness approach is adaptable to business constraints, and contributes towards addressing security risks

Service Design Against Organised Crime

This paper proposes benefits of using service design against organised crime. As a vehicle to this discussion, the focus is an anti-child-trafficking project at Northumbria University in the UK, involving its multidisciplinary Northumbria Crime Prevention Network. The last 10 years have shown increasing evidence of people trafficking, internationally (DoS, 2010), generally for the purposes of illegal labour and/or sex. A significant fraction of those who are trafficked are children. The majority of these children are in their mid-teens, but some are as young as five years old. The C4 persona-based critical design process, (Hilton, 2008), is proposed to strategically enable a service design approach to counter organised crime, by first developing the required criminal personas in order to use their competitive perspectives in critical review of the preventative initiatives. Opportunities from such a service design approach, to child trafficking for example would include new means of: interruption or redirection of child trafficking services so that these children end up in legitimate care; also the proposition of considering new opportunities and improvements in child trafficking service routes and processes as a means of second guessing how and where Recruiters, Transporters, and Exploiters, (Van Dijck, 2005), might next be found operating, and then through border and security agencies successfully countered

Co-designing smart home technology with people with dementia or Parkinson's disease

Involving users is crucial to designing technology successfully, especially for vulnerable users in health and social care, yet detailed descriptions and critical reflections on the co-design process, techniques and methods are rare. This paper introduces the PERCEPT (PERrsona-CEntred Participatory Technology) approach for the co-design process and we analyse and discuss the lessons learned for each step in this process. We applied PERCEPT in a project to develop a smart home toolset that will allow a person living with early stage dementia or Parkinson's to plan, monitor and self-manage his or her life and well-being more effectively. We present a set of personas which were co-created with people and applied throughout the project in the co-design process. The approach presented in this paper will enable researchers and designers to better engage with target user groups in co-design and point to considerations to be made at each step for vulnerable users

Systematic Review on Privacy Categorization

In the modern digital world users need to make privacy and security choices that have far-reaching consequences. Researchers are increasingly studying people's decisions when facing with privacy and security trade-offs, the pressing and time consuming disincentives that influence those decisions, and methods to mitigate them. This work aims to present a systematic review of the literature on privacy categorization, which has been defined in terms of profile, profiling, segmentation, clustering and personae. Privacy categorization involves the possibility to classify users according to specific prerequisites, such as their ability to manage privacy issues, or in terms of which type of and how many personal information they decide or do not decide to disclose. Privacy categorization has been defined and used for different purposes. The systematic review focuses on three main research questions that investigate the study contexts, i.e. the motivations and research questions, that propose privacy categorisations; the methodologies and results of privacy categorisations; the evolution of privacy categorisations over time. Ultimately it tries to provide an answer whether privacy categorization as a research attempt is still meaningful and may have a future

Agri-environmental attitudes of Chinese farmers – The impact of social and cognitive determinants

Chinas’ successfully increased food production during the last 30 years has caused significant negative external impacts and subsequent escalating environmental costs (Ash and Edmonds, 1998). This dilemma has recently become a popular issue and the government attaches great importance towards a more sustainable agricultural production (UNDP, 2006). The challenge is to enhance well-grounded approaches that accomplish of effective agricultural trainings, encouraging farmers to adopt optimized practices. According to recent decision-making theories, a successful implementation is also closely related to the target group’s social and cognitive preferences. In order to get more information about farmers’ inherent decision-making factors an explorative quantitative survey of 394 farmers was conducted in Shandong Province. Next to descriptive economic and agronomic analyses, a structural equation model gave evidence that beside farmers’ economic reasons, values and guānxi-relationships indeed show an influence on the extracted agri-environmental attitude factors as well as on manifest behaviour variables. Concluding results reveal the farmers varying preferences and give explanations out of the social and cognitive paths to explain why they behave different or have other focussed attitudes. Finally, recommendations for more effective training methods are given that consider the farmers’ individual motivations.China, agri-environmental attitudes, guānxi, SEM, values, Land Economics/Use,

Who says personas can't dance?:The use of comic strips to design information security personas

This paper presents comic strips as an approach to align personas and narrative scenarios; the resulting visual artifact was tested with information security practitioners, who often struggle with wider engagement. It offers ways in which different professional roles can work together to share understanding of complex topics such as information security. It also offers user-centered design practitioners a way to reflect on, and participate with, user research data

Persona-Centred Information Security Awareness

Maintaining Information Security and protecting data assets remains a principal concern for businesses. Many data breaches continue to result from accidental, intentional or malicious human factors, leading to financial or reputational loss. One approach towards improving behaviours and culture is with the application of on-going awareness activities. This paper presents an approach for identifying security related human factors by incorporating personas into information security awareness design and implementation. The personas, which are grounded in empirical data, offer a useful method for identifying audience needs and security risks, enabling a tailored approach to business-specific awareness activities. As a means for integrating personas, we present six on-going steps that can be embedded into business-as-usual activities with 90-day cycles of awareness themes, and evaluate our approach with a case study business. Our findings suggest a persona-centred information security awareness approach has the capacity to adapt to the time and resource required for its implementation within the business, and offer a positive contribution towards reducing or mitigating Information Security risks through security awareness