Skip to main content Accessibility help
×
Home

From Innocent Irene to Parental Patrick: Framing User Characteristics and Personas to Design for Cybersecurity

  • Euiyoung Kim (a1), JungKyoon Yoon (a2), Jieun Kwon (a3), Tiffany Liaw (a4) and Alice M. Agogino (a5)...

Abstract

With the surging number of digital devices penetrating our daily routines, the risks inherent to cybersecurity—the protection of data on digital products connected to the Internet—have also increased since these devices (e.g., connected home devices, personal monitoring) collect, process, analyze and store users’ sensitive personal information. Thus, there is a pressing need to assist users in being aware of and dealing with potential cybersecurity threats. With the proposition that fulfilling the need starts with developing an in-depth understanding of the user behaviors in the context of cybersecurity, an exploratory study was conducted that employed three mixed qualitative and quantitative research methods—a trend analysis, an interview study, and an online survey study. The paper reports the user characteristics on (1) awareness levels of cybersecurity issues, (2) uses of digital devices, and (3) means of dealing with the privacy issues in product use. The results of the studies were translated into eight personas that systematically reflect distinct characteristics of users, which can help designers empathize with their potential users vulnerable to cybersecurity risks.

    • Send article to Kindle

      To send this article to your Kindle, first ensure no-reply@cambridge.org is added to your Approved Personal Document E-mail List under your Personal Document Settings on the Manage Your Content and Devices page of your Amazon account. Then enter the ‘name’ part of your Kindle email address below. Find out more about sending to your Kindle. Find out more about sending to your Kindle.

      Note you can select to send to either the @free.kindle.com or @kindle.com variations. ‘@free.kindle.com’ emails are free but can only be sent to your device when it is connected to wi-fi. ‘@kindle.com’ emails can be delivered even when you are not connected to wi-fi, but note that service fees apply.

      Find out more about the Kindle Personal Document Service.

      From Innocent Irene to Parental Patrick: Framing User Characteristics and Personas to Design for Cybersecurity
      Available formats
      ×

      Send article to Dropbox

      To send this article to your Dropbox account, please select one or more formats and confirm that you agree to abide by our usage policies. If this is the first time you use this feature, you will be asked to authorise Cambridge Core to connect with your <service> account. Find out more about sending content to Dropbox.

      From Innocent Irene to Parental Patrick: Framing User Characteristics and Personas to Design for Cybersecurity
      Available formats
      ×

      Send article to Google Drive

      To send this article to your Google Drive account, please select one or more formats and confirm that you agree to abide by our usage policies. If this is the first time you use this feature, you will be asked to authorise Cambridge Core to connect with your <service> account. Find out more about sending content to Google Drive.

      From Innocent Irene to Parental Patrick: Framing User Characteristics and Personas to Design for Cybersecurity
      Available formats
      ×

Copyright

This is an Open Access article, distributed under the terms of the Creative Commons Attribution-NonCommercial-NoDerivatives licence (http://creativecommons.org/licenses/by-nc-nd/4.0/), which permits non-commercial re-use, distribution, and reproduction in any medium, provided the original work is unaltered and is properly cited. The written permission of Cambridge University Press must be obtained for commercial re-use or in order to create a derivative work.

Corresponding author

Contact: Kim, Euiyoung, University of California, Berkeley / Delft University of Technology, Mechanical Engineering / Industrial Design Engineering, United States of America, euiyoungkim@berkeley.edu

References

Hide All
Abawajy, J. (2014), “User preference of cyber security awareness delivery methods”, Behaviour & Information Technology, Vol. 33 No. 3, pp. 237248. https://doi.org/10.1080/0144929x.2012.708787.
Adlin, T. and Pruitt, J. (2010), “The essential persona lifecycle: Your guide to building and using personas”, Morgan Kaufmann.
Armerding, T. (2018), The 17 biggest data breaches of the 21st century. [online] Available at: https://www.csoonline.com/article/2130877/data-breach/the-biggest-data-breaches-of-the-21st-century.html (accessed date November 25, 2018)
Atzori, L., Iera, A. and Morabito, G. (2010), The internet of things: A survey. Computer networks, Vol. 54 No. 15, pp. 27872805.
Bada, M. and Sasse, A. (2014), “Cyber security awareness campaigns: Why do they fail to change behaviour?”, Global Cyber Security Capacity Centre.
Bernd, J., Gordo, B., Choi, J., Morgan, B., Henderson, N., Egelman, S., Garcia, D.D. and Friedland, G. (2015), “Teaching privacy: Multimedia making a difference”, IEEE MultiMedia, No. 1, pp. 1219.
Blomquist, Å. and Arvola, M. (2002), “Personas in action: ethnography in an interaction design team”, In Proceedings of the second Nordic conference on Human-computer interaction, ACM, pp. 197200.
Bruijn, H. and Janssen, M. (2017), “Building cybersecurity awareness: The need for evidence-based framing strategies”, Government Information Quarterly, Vol. 34, pp. 17. https://doi.org/10.1016/j.giq.2017.02.007.
Chang, Y. N., Lim, Y. K. and Stolterman, E. (2008), “Personas: from theory to practices”, In Proceedings of the 5th Nordic conference on Human-computer interaction: building bridges, ACM, pp. 439442.
Cooper, A. (1999), “The Inmates are Running the Asylum”, In: Arend, U., Eberleh, E., Pitschke, K. (eds) Software-Ergonomie ’99. Berichte des German Chapter of the ACM, Vol. 53. Vieweg+Teubner Verlag, Wiesbaden. https://doi.org/10.1007/978-3-322-99786-9_1
Faily, S. and Flechais, I. (2011), “Persona cases: a technique for grounding personas”, In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 22672270. ACM. https://doi.org/10.1145/1978942.1979274
Friess, E. (2012), “Personas and decision making in the design process: an ethnographic case study”, In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 12091218.
Gubbi, J., Buyya, R., Marusic, S. and Palaniswami, M. (2013), “Internet of Things (IoT): A vision, architectural elements, and future directions”, Future generation computer systems, Vol. 29 No. 7, pp. 16451660. https://doi.org/10.1016/j.future.2013.01.010.
Harknett, R.J. and Stever, J.A. (2011), “The new policy world of cybersecurity”, Public Administration Review, Vol. 71 No. 3, pp. 455460.
Johnston, J., Rodney, A. and Chong, P. (2014), “Making change in the kitchen? A study of celebrity cookbooks, culinary personas, and inequality”, Poetics, Vol. 47, pp. 122.
Kim, E., Jensen, M.B., Poreh, D. and Agogino, A.M. (2018), “Novice designer's lack of awareness to cybersecurity and data vulnerability in new concept development of mobile sensing devices”, In DS92: Proceedings of the DESIGN 2018 15th International Design Conference, Dubrovnik, Croatia, pp. 20352044. https://doi.org/10.21278/idc.2018.0461
Kim, E., Kocsik, V.S., Basnage, C.E. and Agogino, A.M. (2013), “Human-centric study of digital-paper transitions: framing design opportunity spaces”, International Conference on Engineering Design (ICED13), The Design Society, Seoul, Korea, 19-22.08. 2013.
Marble, J., Lawless, W., Mittu, R., Coyne, J., Abramson, M. and Sibley, C. (2014), “The Human Factor in Cybersecurity: Robust & Intelligent Defense”, Cyber Warfare, Vol. 56, pp. 173206. https://doi.org/10.1007/978-3-319-14039-1_9.
Massanari, A. (2010), “Designing for imaginary friends: information architecture, personas, and the politics of user-centered design”, New Media & Society, Vol. 12 No. 3, pp. 401416. https://doi.org/10.1057/palgrave.ivs.9500066.
Miaskiewicz, T. and Kozar, K.A. (2011), “Personas and user-centered design: How can personas benefit product design processes?”, Design Studies, Vol. 32 No. 5, pp. 417430. https://doi.org/10.1016/j.destud.2011.03.003.
McCormac, A., Zwaans, T., Parsons, K., Calic, D., Butavicius, M. and Pattinson, M. (2017), “Individual differences and information security awareness”, Computers in Human Behavior, Vol. 69, pp. 151156.
McGinn, J.J. and Kotamraju, N. (2008), “Data-driven persona development”, Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 15211524. ACM. https://doi.org/10.1145/1357054.1357292
McKenna, S., Staheli, D. and Meyer, M. (2015), “Unlocking user-centered design methods for building cyber security visualizations”, Visualization for Cyber Security (VizSec), 2015 IEEE Symposium on, pp. 18. IEEE. https://doi.org/10.1109/vizsec.2015.7312771.
National Institute of Standard and Technology, NICE https://www.nist.gov/itl/applied-cybersecurity/nice/about/strategic-plan
Newhouse, W., Keith, S., Scribner, B. and Witte, G. (2017), “National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework”, NIST Special Publication, Vol. 800, p. 181.
Newman, L. H. (2018), The Worst Cybersecurity Breaches of 2018 So Far. [online] Available at: https://www.wired.com/story/2018-worst-hacks-so-far/ (accessed date November 25, 2018)
Pillemer, K.A. (2012), “30 lessons for living: tried and true advice from the wisest Americans”, Penguin.
Piyare, R. (2013), “Internet of Things: Ubiquitous home control and monitoring system using Android based smart phone”, International Journal of Internet of Things, Vol. 2 No. 1, pp. 511.
Pruitt, J. and Adlin, T. (2010), “The persona lifecycle: keeping people in mind throughout product design”, Elsevier.
Rosner, G. and Kenneally, E. (2018), Privacy and the Internet of Things: Emerging frameworks for policy and design, The Center for Long-term Cybersecurity (CLTC), Berkeley, CA, https://cltc.berkeley.edu/wp-content/uploads/2018/06/CLTC_Privacy_of_the_IoT-1.pdf.
Rosner, G. and Kenneally, E. (2017), Privacy and the Internet of Things, Center for Long-Term Cybersecurity, Berkeley, CA.
Siddall, E., Baibarac, C., Byrne, A., Byrne, N., Deasy, A., Flood, N., … and Wang, , Y. (2011), “Personas as a user-centred design tool for the built environment”, Proceedings of the Institution of Civil Engineers-Engineering Sustainability, Vol. 164 No. 1, March 2011, pp. 5969, https://doi.org/10.1680/ensu.1000015
Singer, P.W. and Friedman, A. (2014), Cybersecurity: What everyone needs to know, Oxford University Press. https://doi.org/10.5860/choice.188472
Stoll, J., McColgin, D., Gregory, M., Crow, V. and Edwards, W.K. (2008), “Adapting personas for use in security visualization design. In VizSEC 2007 (pp. 39-52). Springer, Berlin, Heidelberg.
Ten, C.W., Liu, C.C. and Manimaran, G. (2008), “Vulnerability Assessment of Cybersecurity for SCADA Systems”, IEEE Transactions on Power Systems, Vol. 23 No. 4, pp. 18361846. https://doi.org/10.1109/tpwrs.2008.2002298.
Ten, C.W., Manimaran, G. and Liu, C.C. (2010), “Cybersecurity for critical infrastructures: Attack and defense modeling”, IEEE Transactions on Systems, Man, and Cybernetics-Part A: Systems and Humans, Vol. 40 No. 4, pp. 853865. https://doi.org/10.1109/tsmca.2010.2048028.

Keywords

From Innocent Irene to Parental Patrick: Framing User Characteristics and Personas to Design for Cybersecurity

  • Euiyoung Kim (a1), JungKyoon Yoon (a2), Jieun Kwon (a3), Tiffany Liaw (a4) and Alice M. Agogino (a5)...

Metrics

Full text views

Total number of HTML views: 0
Total number of PDF views: 0 *
Loading metrics...

Abstract views

Total abstract views: 0 *
Loading metrics...

* Views captured on Cambridge Core between <date>. This data will be updated every 24 hours.

Usage data cannot currently be displayed