While good user education can hardly secure a system, we believe that poor user education can put it at serious risk. The current problem of online fraud is exasperated by the fact that most users make security decisions, such as whether to install a given piece of software or not, based on a very rudimentary understanding of risk. We describe the design principles behind SecurityCartoon.com, the first cartoon-based approach aimed at improving the understanding of risk among typical Internet users. We argue why an approach like ours is likely to produce better long-term effects than currently practiced educational efforts with the same general goals. This belief is based on the apparent difference between our approach and currently used alternatives. At the heart of these differences are the four guiding principles of our approach, 1. A research driven content selection, according to which we select educational messages based on user studies; 2. accessibility of the material, to reach and maintain a large readership; 3. user immersion in the material, based on repetitions on a theme; and 4. adaptability to a changing threat.
Critical success factors for security education, training and awareness (SETA) programme effectiveness: an empirical comparison of practitioner perspectives
Cyber security has never been more important than it is today in an ever more connected and pervasive digital world....