Keynote: Tackling the Awareness-Behaviour Divide in Security (Step 1): Understand the User by Lynne Coventry

Summary form only given. Various factors inuence user\´s behaviour and interactions with technology. This means security has a socio-technical element, that continues to present a challenge in research and attempts to improve security behaviour. Users may not be the enemy but their (un)intentional (mis)use of technology is certainly part of the problem in security. To solve this problem, we must do more than simply pay lip service to the need to address the human element, we need to systematically explore the environmental, social and personal inuencers of behaviour within the context of cybersecurity. Those who seek to ensure cybersecurity must learn to utilise such inuencers as efficiently as those who seek to exploit them. Awareness training is touted as the solution, awareness may be necessary but it is seldom sufficient. Psychological research and organisational reports suggest that increased user awareness alone is in- sufficient when it comes to changing actual behaviour. This may make users\´ behaviours seem irrational, but they are understandable if you appreciate the cognitive biases people are prone to and the heuristics they use when the time, abort and knowledge required to follow a rational" decision making process outweighs the benefits perceived by the user. This talk provides a short overview of the issues worthy of exploration in security research and suggests several strategies on how to tackle the security awareness - behaviour divide.