Eliciting Persona Characteristics for Risk Based Decision Making

Personas are behavioural specifications of archetypical users in Human Factors Engineering and User Interaction research aimed at preventing biased views system designers may have of users. Personas are therefore nuanced representations of goals and expectations that should be addressed when designing systems. Previous work has shown how personas may be validated by grounding in qualitative models; however, more evidence is needed on the applicability for grounding models in risk decision making research. We present an approach for eliciting persona characteristics for risk-based decision making by using Observe Orient Decide Act (OODA) as a modelling baseline. The approach illustrates how modelling personas based on decision makers’ understanding of risk facilitates designing for risk and uncertainty

Persona-driven information security awareness.

Because human factors are a root cause of security breaches in many organisations, security awareness activities are often used to address problematic behaviours and improve security culture. Previous work has found that personas are useful for identifying audience needs and goals, when designing and implementing awareness campaigns. We present a six-step security awareness process both driven by and centred around the use of personas. This can be embedded into business-as-usual activities, with 90-day cycles of awareness themes. We evaluated this process by using it to devise a security awareness campaign for a digital agency. Our results suggest a persona-centred security awareness approach is adaptable to business constraints, and contributes towards addressing security risks