Abstract
© 2017 Elsevier Ltd It is now readily recognised that cyber-security is not just a technical issue, with many breaches highlighting insufficient attention towards human aspects. One of the fundamental reasons for this is that people are not naturally equipped with the skills, instincts and behaviours required to ensure appropriate protection and so need support in order to help them understand what they should be doing and learn how to do it. However, looking at the evidence from surveys over the years, it becomes clear that security awareness, training and education often hold the curious distinction of being overlooked as key controls, while the lack of provision is readily recognised as a key cause of incidents. As such, this remains an area in which more could be done – and how it is done could be improved. Cyber-security is not just a technical issue. Breach after breach has shown the impact of human factors. People are not naturally equipped with the skills, instincts and behaviours required to ensure appropriate protection and so need support. However, while the lack of provision is recognised as a cause of incidents, security awareness and training are often overlooked. Steven Furnell and Ismini Vasileiou of the Centre for Security, Communications and Network Research at the University of Plymouth examine how this situation can be improved.
DOI
10.1016/S1353-4858(17)30122-8
Publication Date
2017-12-01
Publication Title
Network Security
Volume
2017
Issue
12
ISSN
1353-4858
Embargo Period
2018-12-19
Organisational Unit
School of Engineering, Computing and Mathematics
First Page
5
Last Page
9
Recommended Citation
Furnell, S., & Vasileiou, I. (2017) 'Security education and awareness: just let them burn?', Network Security, 2017(12), pp. 5-9. Available at: https://doi.org/10.1016/S1353-4858(17)30122-8