Skip to main content

Persona-Centred Information Security Awareness.

Ki-Aries, D. and Faily, S., 2017. Persona-Centred Information Security Awareness. Computers & security, 70 (September), 663-674.

Full text available as:

kifa17.pdf - Published Version
Available under License Creative Commons Attribution.


DOI: 10.1016/j.cose.2017.08.001


Maintaining Information Security and protecting data assets remains a principal concern for businesses. Many data breaches continue to result from accidental, intentional or malicious human factors, leading to financial or reputational loss. One approach towards improving behaviours and culture is with the application of on-going awareness activities. This paper presents an approach for identifying security related human factors by incorporating personas into information security awareness design and implementation. The personas, which are grounded in empirical data, offer a useful method for identifying audience needs and security risks, enabling a tailored approach to business-specific awareness activities. As a means for integrating personas, we present six on-going steps that can be embedded into business-as-usual activities with 90-day cycles of awareness themes, and evaluate our approach with a case study business. Our findings suggest a persona-centred information security awareness approach has the capacity to adapt to the time and resource required for its implementation within the business, and offer a positive contribution towards reducing or mitigating Information Security risks through security awareness.

Item Type:Article
Uncontrolled Keywords:Information security; Security awareness; Risk; Human factors; Personas
Group:Faculty of Science & Technology
ID Code:29683
Deposited By: Symplectic RT2
Deposited On:11 Sep 2017 15:15
Last Modified:14 Mar 2022 14:06


Downloads per month over past year

More statistics for this item...
Repository Staff Only -