Feature
Jumping security hurdles

https://doi.org/10.1016/S1361-3723(10)70067-1

It is widely recognised that success in tackling security issues often depends upon acknowledgement and action by individuals. To quote Amit Yoran, erstwhile director of the National Cyber Security Division within the US Department of Homeland Security: “The human factor is typically the most critical variable in information security systems. Even the best policies and technologies can be rendered completely ineffective if users do not take responsibility for safeguarding the information they control”.1 With this in mind, it is worth asking what stands in the way of users doing what is required of them.

Section snippets

Hurdles facing the user

The perceived hurdles are summarised below, with the points in brackets essentially representing the questions that users need to ask themselves in order to overcome the challenge:

Perception (what is it?): how threats and their associated security measures are viewed by those that they affect. If users do not understand how threats relate to them, or dislike the idea of particular forms of security (eg, monitoring measures), then this can present an immediate barrier to effective usage.

In many

Doing something about it

As presented here, the latter three hurdles all relate back to aspects of the same underlying question. This reflects the fact that, past a certain point, success means that users need not only to acknowledge and accept security issues, but to be able to do something about them.

The overall process is shown diagrammatically in Figure 1, noting that this applies to security as a broad issue as well as to the handling of each individual threat or control that users are expected to face. The layout

Jumping the hurdles

Different solutions need different actions, and often from different actors. For example, many parties – including vendors, service providers, government, etc – can improve user perceptions, but the hurdles of priority (and potentially responsibility) are perhaps more personal issues, which users themselves need to consider. However, here, others can at least assist users' thinking (eg, by highlighting the things that will not be done for them by anyone else).

In terms of practical strategies,

Conclusions

The discussion has identified a range of hurdles that need to be overcome in getting individual users to a point where they can accept and act upon their security responsibilities. Although some level of success can still be achieved without this (eg, legislative requirements may oblige users to follow certain security practices regardless of whether they accept personal responsibility or not), progression towards a true security culture is much more likely if all of the foundations have been


References (11)

  • S Furnell et al. ‘Security beliefs and barriers for novice Internet users’, Computers & Security (2008)
  • Kawamoto, D. 2004. ‘Human Firewall gets new owner’, CNET News, 25 June...
  • Symantec. 2010. Symantec Internet Security Threat Report – Trends for 2009, Volume XV, Symantec Enterprise Security,...
  • Atkinson, S, Furnell, S and Phippen, A 2009. ‘Securing the next generation: enhancing e-safety awareness among young...
  • BBC. 2010. ‘Facebook privacy settings to be made simpler’, BBC News Online, 26 May...
There are more references available in the full text version of this article.

About the author

Professor Steven Furnell is the head of the Centre for Security, Communications & Network Research at the University of Plymouth, UK, and an adjunct professor with Edith Cowan University in Western Australia. His interests include security management and culture, computer crime, user authentication and security usability. Furnell is active within three working groups of the International Federation for Information Processing (IFIP) – namely Information Security Management, Information Security Education, and Human Aspects of Information Security & Assurance. He is the author of over 190 papers in refereed international journals and conference proceedings, as well as books including: Cybercrime: Vandalizing the Information Society (2001); and Computer Insecurity: Risking the System (2005). Further details can be found at www.plymouth.ac.uk/cscan.
