Abstract

© 2017 Elsevier Ltd It is now readily recognised that cyber-security is not just a technical issue, with many breaches highlighting insufficient attention towards human aspects. One of the fundamental reasons for this is that people are not naturally equipped with the skills, instincts and behaviours required to ensure appropriate protection and so need support in order to help them understand what they should be doing and learn how to do it. However, looking at the evidence from surveys over the years, it becomes clear that security awareness, training and education often hold the curious distinction of being overlooked as key controls, while the lack of provision is readily recognised as a key cause of incidents. As such, this remains an area in which more could be done – and how it is done could be improved. Cyber-security is not just a technical issue. Breach after breach has shown the impact of human factors. People are not naturally equipped with the skills, instincts and behaviours required to ensure appropriate protection and so need support. However, while the lack of provision is recognised as a cause of incidents, security awareness and training are often overlooked. Steven Furnell and Ismini Vasileiou of the Centre for Security, Communications and Network Research at the University of Plymouth examine how this situation can be improved.

DOI

10.1016/S1353-4858(17)30122-8

Publication Date

2017-12-01

Publication Title

Network Security

Volume

2017

Issue

12

First Page

5

Last Page

9

ISSN

1353-4858

Embargo Period

2018-12-19

Organisational Unit

School of Engineering, Computing and Mathematics

Download

Share

COinS