2 research outputs found
Eliciting Persona Characteristics for Risk Based Decision Making
Personas are behavioural specifications of archetypical users in Human Factors Engineering and User Interaction
research aimed at preventing biased views system designers may have of users. Personas are therefore nuanced
representations of goals and expectations that should be addressed when designing systems. Previous work has
shown how personas may be validated by grounding in qualitative models; however, more evidence is needed on
the applicability for grounding models in risk decision making research. We present an approach for eliciting
persona characteristics for risk-based decision making by using Observe Orient Decide Act (OODA) as a modelling
baseline. The approach illustrates how modelling personas based on decision makers’ understanding of risk
facilitates designing for risk and uncertainty
Persona-driven information security awareness.
Because human factors are a root cause of security breaches in many organisations, security awareness activities are often used to address problematic behaviours and improve security culture. Previous work has found that personas are useful for identifying audience needs and goals, when designing and implementing awareness campaigns. We present a six-step security awareness process both driven by and centred around the use of personas. This can be embedded into business-as-usual activities, with 90-day cycles of awareness themes. We evaluated this process by using it to devise a security awareness campaign for a digital agency. Our results suggest a persona-centred security awareness approach is adaptable to business constraints, and contributes towards addressing security risks