Know Your Enemy: User Segmentation Based on Human Aspects of Information Security
Users of information systems are the weakest link in information security. Considering their current information security performance is essential for improving information security training. User segmentation can help to improve information security training by dividing users into smaller groups ba...
Guardado en:
Autores principales: | , , |
---|---|
Formato: | article |
Lenguaje: | EN |
Publicado: |
IEEE
2021
|
Materias: | |
Acceso en línea: | https://doaj.org/article/c86836adbe594e6882787cf71a4372a5 |
Etiquetas: |
Agregar Etiqueta
Sin Etiquetas, Sea el primero en etiquetar este registro!
|
id |
oai:doaj.org-article:c86836adbe594e6882787cf71a4372a5 |
---|---|
record_format |
dspace |
spelling |
oai:doaj.org-article:c86836adbe594e6882787cf71a4372a52021-12-03T00:00:32ZKnow Your Enemy: User Segmentation Based on Human Aspects of Information Security2169-353610.1109/ACCESS.2021.3130013https://doaj.org/article/c86836adbe594e6882787cf71a4372a52021-01-01T00:00:00Zhttps://ieeexplore.ieee.org/document/9623526/https://doaj.org/toc/2169-3536Users of information systems are the weakest link in information security. Considering their current information security performance is essential for improving information security training. User segmentation can help to improve information security training by dividing users into smaller groups based on their information security performance. In this paper, we present a segmented approach for information security training of users. To test the approach, we used data collected from students at a Slovenian university (<inline-formula> <tex-math notation="LaTeX">$\text{N}=165$ </tex-math></inline-formula>) with the Human Aspects of Information Security Questionnaire (HAIS-Q). HAIS-Q data was used to divide users into groups according to their information security performance via clustering. The proposed approach inherently balances adaptation of training to the needs of users and the efforts needed to achieve it which maximizes the key benefits of existing information security training approaches. With improved personalization, it mitigates the challenges related to training boringness and lack of user motivation which are emblematic for traditional information security training approaches. The proposed approach also offers some flexibility regarding the degree of personalization and the efforts related to information security training by fine-tuning the number of user groups. Finally, the proposed approach can help to identify beneficial software security requirements during development of new information systems.Damjan FujsSimon VrhovecDamjan VavpoticIEEEarticleClustering methodscomputer securitydata processingdata visualizationinformation securityinformation systemsElectrical engineering. Electronics. Nuclear engineeringTK1-9971ENIEEE Access, Vol 9, Pp 157306-157315 (2021) |
institution |
DOAJ |
collection |
DOAJ |
language |
EN |
topic |
Clustering methods computer security data processing data visualization information security information systems Electrical engineering. Electronics. Nuclear engineering TK1-9971 |
spellingShingle |
Clustering methods computer security data processing data visualization information security information systems Electrical engineering. Electronics. Nuclear engineering TK1-9971 Damjan Fujs Simon Vrhovec Damjan Vavpotic Know Your Enemy: User Segmentation Based on Human Aspects of Information Security |
description |
Users of information systems are the weakest link in information security. Considering their current information security performance is essential for improving information security training. User segmentation can help to improve information security training by dividing users into smaller groups based on their information security performance. In this paper, we present a segmented approach for information security training of users. To test the approach, we used data collected from students at a Slovenian university (<inline-formula> <tex-math notation="LaTeX">$\text{N}=165$ </tex-math></inline-formula>) with the Human Aspects of Information Security Questionnaire (HAIS-Q). HAIS-Q data was used to divide users into groups according to their information security performance via clustering. The proposed approach inherently balances adaptation of training to the needs of users and the efforts needed to achieve it which maximizes the key benefits of existing information security training approaches. With improved personalization, it mitigates the challenges related to training boringness and lack of user motivation which are emblematic for traditional information security training approaches. The proposed approach also offers some flexibility regarding the degree of personalization and the efforts related to information security training by fine-tuning the number of user groups. Finally, the proposed approach can help to identify beneficial software security requirements during development of new information systems. |
format |
article |
author |
Damjan Fujs Simon Vrhovec Damjan Vavpotic |
author_facet |
Damjan Fujs Simon Vrhovec Damjan Vavpotic |
author_sort |
Damjan Fujs |
title |
Know Your Enemy: User Segmentation Based on Human Aspects of Information Security |
title_short |
Know Your Enemy: User Segmentation Based on Human Aspects of Information Security |
title_full |
Know Your Enemy: User Segmentation Based on Human Aspects of Information Security |
title_fullStr |
Know Your Enemy: User Segmentation Based on Human Aspects of Information Security |
title_full_unstemmed |
Know Your Enemy: User Segmentation Based on Human Aspects of Information Security |
title_sort |
know your enemy: user segmentation based on human aspects of information security |
publisher |
IEEE |
publishDate |
2021 |
url |
https://doaj.org/article/c86836adbe594e6882787cf71a4372a5 |
work_keys_str_mv |
AT damjanfujs knowyourenemyusersegmentationbasedonhumanaspectsofinformationsecurity AT simonvrhovec knowyourenemyusersegmentationbasedonhumanaspectsofinformationsecurity AT damjanvavpotic knowyourenemyusersegmentationbasedonhumanaspectsofinformationsecurity |
_version_ |
1718374014670340096 |