While good user education can hardly secure a system, we believe that poor user education can put it at serious risk. The current problem of online fraud is exacerbated by the fact that most users make security decisions, such as whether to install a given piece of software or not, based on a very rudimentary understanding of risk. We describe the design principles behind SecurityCartoon.com, the first cartoon-based approach aimed at improving the understanding of risk among typical Internet users. We argue why an approach like ours is likely to produce better long-term effects than currently practiced educational efforts with the same general goals. This belief is based on the apparent difference between our approach and currently used alternatives. At the heart of these differences are the four guiding principles of our approach: (1) research-driven content selection, according to which we select educational messages based on user studies; (2) accessibility of the material, to reach and maintain a large readership; (3) user immersion in the material, based on repetitions on a theme; and (4) adaptability to a changing threat.