Know Your Enemy: User Segmentation Based on Human Aspects of Information Security

Users of information systems are the weakest link in information security. Considering their current information security performance is essential for improving information security training. User segmentation can help to improve information security training by dividing users into smaller groups ba...

Bibliographic Details
Main authors: Damjan Fujs, Simon Vrhovec, Damjan Vavpotic
Format: article
Language: EN
Published: IEEE 2021
Subjects:
Online access: https://doaj.org/article/c86836adbe594e6882787cf71a4372a5
id oai:doaj.org-article:c86836adbe594e6882787cf71a4372a5
record_format dspace
spelling oai:doaj.org-article:c86836adbe594e6882787cf71a4372a5
2021-12-03T00:00:32Z
Know Your Enemy: User Segmentation Based on Human Aspects of Information Security
2169-3536
10.1109/ACCESS.2021.3130013
https://doaj.org/article/c86836adbe594e6882787cf71a4372a5
2021-01-01T00:00:00Z
https://ieeexplore.ieee.org/document/9623526/
https://doaj.org/toc/2169-3536
Damjan Fujs
Simon Vrhovec
Damjan Vavpotic
IEEE
article
Clustering methods
computer security
data processing
data visualization
information security
information systems
Electrical engineering. Electronics. Nuclear engineering
TK1-9971
EN
IEEE Access, Vol 9, Pp 157306-157315 (2021)
institution DOAJ
collection DOAJ
language EN
topic Clustering methods
computer security
data processing
data visualization
information security
information systems
Electrical engineering. Electronics. Nuclear engineering
TK1-9971
description Users of information systems are the weakest link in information security. Considering their current information security performance is essential for improving information security training. User segmentation can help to improve information security training by dividing users into smaller groups based on their information security performance. In this paper, we present a segmented approach for information security training of users. To test the approach, we used data collected from students at a Slovenian university ($\text{N}=165$) with the Human Aspects of Information Security Questionnaire (HAIS-Q). HAIS-Q data was used to divide users into groups according to their information security performance via clustering. The proposed approach inherently balances adaptation of training to the needs of users and the efforts needed to achieve it which maximizes the key benefits of existing information security training approaches. With improved personalization, it mitigates the challenges related to training boringness and lack of user motivation which are emblematic for traditional information security training approaches. The proposed approach also offers some flexibility regarding the degree of personalization and the efforts related to information security training by fine-tuning the number of user groups. Finally, the proposed approach can help to identify beneficial software security requirements during development of new information systems.
format article
author Damjan Fujs
Simon Vrhovec
Damjan Vavpotic
title Know Your Enemy: User Segmentation Based on Human Aspects of Information Security
publisher IEEE
publishDate 2021
url https://doaj.org/article/c86836adbe594e6882787cf71a4372a5