Abstract:
Information security and privacy threats are rising, and significant costs result
from the information loss and the business disruption that ensues. In response
to this growing issue, organizational spending on IT security is at an all-time
high, with global information security spending expected to be more than
$124 billion in 2019 (Moore & Keen, 2019).
Technical protections are part of the solution but improving human security
behaviour is integral to effective protection. Even the best technology, if used
improperly or rejected by users, can leave an organization vulnerable. The
human side of information security is being tackled from many angles by
many researchers around the world. Some of the areas being investigated
include how to deliver effective security training and awareness initiatives,
how to improve users’ ability to remember passwords and how to create an
effective organisational security culture. This address shares some of the
information security and privacy research my colleagues and I have
undertaken and discusses areas that require more attention. The presentation
focusses on the following research question
