Privacy and IT Security Education, Training and Awareness

  • Background:

    As society increasingly relies on Internet services like online banking and e-commerce, the exchange of sensitive personal information has become commonplace. This information often includes home addresses, financial data, and other personally identifiable details that, if compromised, can lead to significant consequences, such as identity theft, financial loss, and erosion of privacy. In recent years, there has been a marked increase in the number and severity of data breaches and cyberattacks involving major service providers, such as Facebook and T-Mobile.

    One of the critical factors contributing to these security incidents is the lack of user awareness and understanding regarding cybersecurity and privacy best practices. Many individuals are not adequately informed about the risks they face online or the steps they can take to protect themselves. This gap in knowledge and awareness can lead to poor security behaviors, such as weak password management, susceptibility to phishing attacks, and the inadvertent sharing of sensitive information.

    The increasing complexity of digital environments necessitates a more robust and proactive approach to privacy and security education. Traditional methods of raising awareness, such as informational campaigns or generic advice, often fail to develop the needed skills and knowledge. Therefore, we need to develop educational systems designed to equip users with the knowledge they need to protect their personal information effectively.

     

    Objective(s):

    This is an umbrella topic since topics of interest change rapidly. A specific topic will be selected during the first meeting. Possible topics include, but are not limited to:

    • Literature review on educational systems for usable privacy and security.
    • User-centered requirements analysis for educational systems for usable privacy and security.
    • Content design for educational systems for usable privacy and security.

     

    Introductory literature:

    • Hu, S., Hsu, C., & Zhou, Z. (2022). Security education, training, and awareness programs: Literature review. Journal of Computer Information Systems, 62(4), 752-764.
    • Alyami, A., Sammon, D., Neville, K., & Mahony, C. (2023). The critical success factors for Security Education, Training and Awareness (SETA) program effectiveness: a lifecycle model. Information Technology & People, 36(8), 94-125.
    • Kirova, D., & Baumöl, U. (2018). Factors that affect the success of security education, training, and awareness programs: A literature review. Journal of Information Technology Theory and Application (JITTA), 19(4), 4.
    • Rizi, M. H. P., & Seno, S. A. H. (2022). A systematic review of technologies and solutions to improve security and privacy protection of citizens in the smart city. Internet of Things, 20, 100584.