This article outlines the process of developing a taxonomy of end user security-related behaviors, testing its consistency, and using it to conduct a U.S. survey on key end user behaviors. The study involved interviewing 110 individuals knowledgeable about end user security behaviors, conducting a behavior rating exercise with 49 IT experts, and running a U.S. survey with 1167 end users to gather self-reported data on their password-related behaviors. The results suggested that the taxonomy of end user security behaviors fit well on a two-dimensional map, with one dimension representing the level of technical knowledge required for the behavior and the other representing the intentionality of the behavior (malicious, neutral, or benevolent). The U.S. survey on non-malicious, low technical knowledge behaviors related to password creation and sharing revealed generally poor password hygiene, with significant variations across different types of organizations, such as military organizations and telecommunications companies.
Critical success factors for security education, training and awareness (SETA) programme effectiveness: an empirical comparison of practitioner perspectives
Cyber security has never been more important than it is today in an ever more connected and pervasive digital world....