Communications of the ACM
Five dimensions of information security awareness
ACM SIGCAS Computers and Society
Creating persuasive technologies: an eight-step design process
Proceedings of the 4th International Conference on Persuasive Technology
So long, and no thanks for the externalities: the rational rejection of security advice by users
NSPW '09 Proceedings of the 2009 workshop on New security paradigms workshop
Stories as informal lessons about security
Proceedings of the Eighth Symposium on Usable Privacy and Security
Hi-index | 0.00 |
Many organisations run security awareness programmes with the aim of improving end user behaviours around information security. Yet behavioural research tells us that raising awareness will not necessarily lead to behaviour change. In this paper we examine the challenge of changing end user behaviour and put forward social marketing as a new paradigm. Social marketing is a proven framework for achieving behavioural change and has traditionally been used in health care interventions, although there is an increasing recognition that it could be successfully applied to a broader range of behaviour change issues. It has yet to be applied however, to information security in an organizational context. We explore the social marketing framework in relation to information security behavioural change and highlight the key challenges that this approach poses for information security managers. We conclude with suggestions for future research.