User empowerment and raising awarenes about information security |
How do we empower users to protect their information better – are information security awareness campgaigns the key on the road to success? |
get some isnights and answers why your efforts in the past may have failed |
Recently we posted:
– 1 – govcert.nl 2007 conference – user empowerment and information security
Today we do a follow up.
Urs E. Gattiker, Founder and CTO CyTRAP Labs, Switzerland gave a presentation about:
Why info information security awareness initiatives have failed and will continue to do so
The above link provides you with the slides presented in pdf format including hyperlinks to get access to the sources used to make a case for what was presented.
Below we provide you with a short summary that you can download as well (see link further down).
SUMMARY
Corporations and Member States of the European Union have made great efforts to raise user awareness regarding information security (e.g., ENISA study – information security awareness initiatives) . As well, we can find many educational interventions that were designed to raise information security awareness by changing adolescents’ knowledge, beliefs, or attitudes regarding information security. With additional training and information it was hoped that risk taking would change, thereby improving security and, most importantly, reducing malware infections that have also exacerbated the amount of spam we get thanks to botnets.
Unfortunately, these efforts have been largely ineffective. Adolescents and college-age individuals have in the past and will continue to take more risks than children or adults do, as indicated by statistics on automobile crashes, binge drinking, contraceptive use, identity theft and internet stalking.
What does this mean for the prevention of unhealthy risk taking in adolescence and information security related matters? Extant research suggests that it is not the way adolescents think or what they don’t know or understand that is the problem. In fact, educational interventions designed to change how adolescents view risky activities on social networks in cyberspace or data privacy will not result in better prevention. However, shifting focus on limiting opportunities for immature judgment to have harmful consequences appears to be a more viable strategy.
In light of studies showing familial influences on psychosocial maturity in adolescence, understanding how contextual factors influence the development of self-regulation is a high priority to help improve information security. Limiting opportunities for immature judgment and how this might help in changing risk taking in adolescents (11 – 25 years of age – reasoning abilities and psychosocial capacities) when surfing the internet is at the core of this presentation.
Download this summary as a pdf
RELATED
Check out the full program here:
SUBSCRIPTION
To make it more convenient for you to take advantage of CyTRAP Labs’ offerings, just provide us with your e-mail address below. You can personalize your subscription to make it suit your needs.
Pingback: CyTRAP Labs - EU-IST - we help protect since 2000 » Blog Archive » 2 One Laptop per Child (OLP) - GovCert.NL symposium - empowerment for end-users working with their desktops
Pingback: CyTRAP Labs - EU-IST - we help protect since 2000 » Blog Archive » 4 user empowerment and botnets - Japan’s Cyber Clean Center - a pragmatic approach
Pingback: CyTRAP Labs - EU-IST - we help protect since 2000 » Blog Archive » 3 empowerment for end-users - 5 factors that decide about the outcome