Protecting assets within organizations through technological measures remains an ongoing problem in the cyber security domain. There is extensive literature pointing to the “human element” being a significant factor in security breaches – whether that be intentional or unintentional. Current endeavors to raise the level of information security awareness within individuals have arguably not been as effective as required – evidenced by the ongoing breaches caused by people. Enhancing users’ security practices and behaviours is a multifaceted problem and remains a challenging issue. This paper focuses on enhancing individual users’ security compliance in real time through an intervention-based approach. The proposed framework continuously identifies users’ security behaviours in relation to their individual role/job responsibilities and prior training to provide an intelligent, targeted, and tailored intervention. The framework comprises various interconnected components and utilizes several sources, including active evaluation, monitoring, role/job responsibilities, and manager observations, to feed into an assessment of the individual users’ needs. Different mechanisms seek to identify the reasons behind users’ non-compliance and provide a targeted and tailored series of interventions to maximize the likelihood of improved security behaviours and compliance.

Authors: Zinnar Ghasem, Nathan Clarke, Steven Furnell

Published in: International Conference for Internet Technology and Secured Transactions (ICITST-2023)

  • Date of Conference: 13-15 November 2023
  • DOI: 10.20533/ICITST.2023.0005
  • ISBN: 978-1-913572-63-1
  • Conference Location: St Anne’s College, Oxford University, UK