A novel approach for improving information security management and awareness for home environments

Purpose The human factor is a major consideration in securing systems. A wide and increasing range of different technologies, devices, platforms, applications and services are being used every day by home users. In parallel, home users are also experiencing a range of different online threats and attacks and are increasingly being targeted as they lack the knowledge and awareness about potential threats and how to protect themselves. The increase in technologies and platforms also increases the burden upon a user to understand how to apply security across differing technologies, operating systems and applications. This results in managing the security across their technology portfolio increasingly more troublesome and time consuming. This paper aims to propose an approach that attempts to propose a system for improving security management and awareness for home users. Design/methodology/approach The proposed system is capable of creating and assigning different security policies for different digital devices in a user-friendly fashion. These assigned policies are monitored, checked and managed to review the user’s compliance with the assigned policies to provide bespoke awareness content based on the user’s current needs. Findings A novel framework was proposed for improving information security management and awareness for home users. In addition, a mock-up design was developed to simulate the proposed approach to visualise the main concept and the functions which might be performed when it is deployed in a real environment. A number of different scenarios have been simulated to show how the system can manage and deal with different types of users, devices and threats. In addition, the proposed approach has been evaluated by experts in the research domain. The overall feedback is positive, constructive and encouraging. The experts agreed that the identified research problem is a real problem. In addition, they agreed that the proposed approach is usable, feasible and effective in improving security management and awareness for home users. Research limitations/implications The proposed design of the system is a mock-up design without real data. Therefore, implementing the proposed approach in a real environment can provide the researcher with a better understanding of the effectiveness and the functionality of the proposed approach. Practical implications This study offers a framework and usable mock-up design which can help in improving information security management for home users. Originality/value Improving the security management and awareness for home users by monitoring, checking and managing different security controls and configurations effectively are the key to strengthen information security. Therefore, when home users have a good level of security management and awareness, this could protect and secure the home network and subsequently business infrastructure and services as well.

[1]  Elmarie Kritzinger,et al.  Cyber security for home users: A new way of protection through awareness enforcement , 2010, Comput. Secur..

[2]  Terry Anthony Byrd,et al.  Information security policy: An organizational-level process model , 2009, Comput. Secur..

[3]  Bryan Watson,et al.  On the User Awareness of Mobile Security Recommendations , 2017, ACM Southeast Regional Conference.

[4]  Sebastiaan H. von Solms,et al.  Solving security issues using Information Security Awareness Portal , 2009, 2009 International Conference for Internet Technology and Secured Transactions, (ICITST).

[5]  Steven Furnell,et al.  Holistic Information Security Management for Home Environments , 2019, HAISA.

[6]  Yang Xiao,et al.  A survey of distributed denial-of-service attack, prevention, and mitigation techniques , 2017, Int. J. Distributed Sens. Networks.

[7]  Melanie Volkamer,et al.  Design and Field Evaluation of PassSec: Raising and Sustaining Web Surfer Risk Awareness , 2015, TRUST.

[8]  Mariki M. Eloff,et al.  Towards an automated security awareness system in a virtualized environment , 2012 .

[9]  Hossein Jahankhani,et al.  Improved Awareness on Fake Websites and Detecting Techniques , 2011, ICGS3/e-Democracy.

[10]  Eugene Fink,et al.  SmartNotes: Application of crowdsourcing to the detection of web threats , 2011, 2011 IEEE International Conference on Systems, Man, and Cybernetics.

[11]  E. Kritzinger,et al.  Home user security- from thick security-oriented home users to thin security- oriented home users , 2013, 2013 Science and Information Conference.

[12]  Steven Furnell,et al.  An analysis of home user security awareness & education , 2017, 2017 12th International Conference for Internet Technology and Secured Transactions (ICITST).

[13]  Nathan Clarke,et al.  Web-Based Risk Analysis for Home Users , 2012 .

[14]  Elizabeth Sillence,et al.  It won't happen to me: Promoting secure behaviour among internet users , 2010, Comput. Hum. Behav..

[15]  Alex Pentland,et al.  Social Information Leakage: Effects of Awareness and Peer Pressure on User Behavior , 2014, HCI.

[16]  Steven Furnell,et al.  Assessing the security perceptions of personal Internet users , 2007, Comput. Secur..

[17]  Umesh Hodeghatta Rao Xavier,et al.  Study of internet security threats among home users , 2012, 2012 Fourth International Conference on Computational Aspects of Social Networks (CASoN).

[18]  Robert LaRose,et al.  Promoting personal responsibility for internet safety , 2008, CACM.

[19]  Maria Papadaki,et al.  Improving Awareness of Social Engineering Attacks , 2009, World Conference on Information Security Education.

[20]  Alexander De Luca,et al.  Using data type based security alert dialogs to raise online security awareness , 2011, SOUPS.

[21]  Mohammad Rahim,et al.  A Socio-Behavioral Study of Home Computer Users' Intention to Practice Security , 2005, PACIS.

[22]  Zinta S. Byrne,et al.  The Psychology of Security for the Home Computer User , 2012, 2012 IEEE Symposium on Security and Privacy.

[23]  Ivan Flechais,et al.  Informal Support Networks: an investigation into Home Data Security Practices , 2018, SOUPS @ USENIX Security Symposium.