Personalising Security Education: Factors Influencing Individual Awareness and Compliance

Security education and awareness are frequently overlooked for users in both workplace and personal contexts, and even where some level of provision is offered it is rarely done in a manner that is matched specifically to the needs of the audience. However, by personalising the provision, and making the presentation and messaging more appropriate to the individuals receiving it, there is a greater chance of achieving understanding, engagement, and resultant compliance. This paper examines the gap that exists between the typical and desirable provision of security education. It highlights baseline areas of security literacy that ought to be applicable to all users, but then illustrates how variations in individuals’ understanding of threshold concepts could complicate the task of delivering the related education. It is proposed that security education should be more tailored, recognising factors such as the user’s role, prior knowledge, learning style, and current perception of security, in order to deliver a more personalised security education plan that is framed towards individual circumstances and can be delivered in a manner that suits their needs.