Using intervention mapping to breach the cyber-defense deficit

Renaud, Karen and Warkentin, Merrill (2017) Using intervention mapping to breach the cyber-defense deficit. In: 12th Annual Symposium on Information Security, 2017-06-07 - 2017-06-08.

[thumbnail of Renaud-Warkentin-SIS-2017-Using-intervention-mapping-to-breach-the-cyber-defense-deficit]
Preview
Text. Filename: Renaud_Warkentin_SIS_2017_Using_intervention_mapping_to_breach_the_cyber_defense_deficit.pdf
Accepted Author Manuscript
License: Strathprints license 1.0

Download (632kB)| Preview

Abstract

It sometimes seems that every IT user is a com- batant, engaged in a battle with multitudes of hackers across the globe. This battle is unevenly biased in favor of the hackers, because people routinely act in ways that open doors for hackers, thereby enabling their nefarious activities. If current approaches to raising security awareness were working the hackers would not be having as much success in attacking systems. It is time to reconsider how we design, formulate and deliver security awareness training. In this paper we propose using a technique borrowed from the health arena, "Intervention Mapping," to target security awareness training more effectively. We detail the different phases of the methodology and give an example to show how it was applied to an SME. The purpose of this paper is to open a discourse in the community about how we can arrive at more effective awareness-raising endeavors.

ORCID iDs

Renaud, Karen ORCID logoORCID: https://orcid.org/0000-0002-7187-6531 and Warkentin, Merrill;