Abstract
It sometimes seems that every IT user is a com- batant, engaged in a battle with multitudes of hackers across the globe. This battle is unevenly biased in favor of the hackers, because people routinely act in ways that open doors for hackers, thereby enabling their nefarious activities. If current approaches to raising security awareness were working the hackers would not be having as much success in attacking systems. It is time to reconsider how we design, formulate and deliver security awareness training. In this paper we propose using a technique borrowed from the health arena, "Intervention Mapping," to target security awareness training more effectively. We detail the different phases of the methodology and give an example to show how it was applied to an SME. The purpose of this paper is to open a discourse in the community about how we can arrive at more effective awareness-raising endeavors.
| Original language | English |
|---|---|
| Number of pages | 9 |
| Publication status | Published - 21 Jun 2017 |
| Event | 12th Annual Symposium on Information Security - Albany, United States Duration: 7 Jun 2017 → 8 Jun 2017 https://www.wisporg.com/events-calendar/2017/6/7/12th-annual-symposium-on-information-security-asia-17 |
Conference
| Conference | 12th Annual Symposium on Information Security |
|---|---|
| Abbreviated title | ASIA'17 |
| Country/Territory | United States |
| City | Albany |
| Period | 7/06/17 → 8/06/17 |
| Internet address |
Keywords
- intervention mapping
- cyber-defense deficit