Sasse, MA; Hielscher, J; Friedauer, J; Buckmann, A; (2023) Rebooting IT Security Awareness – How Organisations Can Encourage and Sustain Secure Behaviours. In: European Symposium on Research in Computer Security ESORICS 2022: Computer Security. ESORICS 2022 International Workshops. (pp. 248-265). Springer, Cham
Abstract
Most organisations are using online security awareness training and simulated phishing attacks to encourage their employees to behave securely. Buying off-the-shelf training packages and making it mandatory for all employees to complete them is easy, and satisfies most regulatory and audit requirements, but does not lead to secure behaviour becoming a routine. In this paper, we identify the additional steps employees must go through to develop secure routines, and the blockers that stop a new behaviour from becoming a routine. Our key message is: security awareness as we know it is only the first step; organisations who want employees have to do more to smooth the path: they have to ensure that secure behaviour is feasible, and support their staff through the stages of the Security Behaviour Curve – concordance, self-efficacy, and embedding – for secure behaviour to become a routine. We provide examples of those organisational activities, and specific recommendations to different organisational stakeholders.
Type: | Proceedings paper |
---|---|
Title: | Rebooting IT Security Awareness – How Organisations Can Encourage and Sustain Secure Behaviours |
Event: | European Symposium on Research in Computer Security |
ISBN-13: | 9783031254598 |
Open access status: | An open access version is available from UCL Discovery |
DOI: | 10.1007/978-3-031-25460-4_14 |
Publisher version: | https://doi.org/10.1007/978-3-031-25460-4_14 |
Language: | English |
Additional information: | This chapter is licensed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made. |
Keywords: | Security learning curve, Security awareness, Security training, IT-security for IT professionals, Organisational security, Human factors in IT security |
UCL classification: | UCL UCL > Provost and Vice Provost Offices > UCL BEAMS UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Computer Science |
URI: | https://discovery-pp.ucl.ac.uk/id/eprint/10173711 |