Scare tactics – A viable weapon in the security war?

SM Furnell, M Papadaki, KL Thomson

Research output: Contribution to journalArticlepeer-review

Abstract

End-users are frequently criticised as the sources of bad security practice, and it is often suggested that they might take the issue more seriously if they experienced the impact of a breach. An option for enabling this in a controlled manner would be for security administrators to deliberately create conditions and situations that provide firsthand demonstrations to targeted users. This article refers to such approaches as ‘scare tactics’, and examines a number of opportunities that may exist based upon common security failings. The discussion also examines the nature of current awareness raising efforts, and the extent to which such aggressive techniques may already be used. The closest parallel is found to exist with the concept of penetration testing, but there is a tangible difference in the underlying motive; whereas penetration testing is used to determine whether security is effective or not, scare tactics would essentially be used when this is already known not to be the case. Hence, they are founded upon the concept of teaching users a lesson in a manner that may introduce anxiety and mistrust, and for that reason must be regarded as a less ethical approach.
Original languageEnglish
Pages (from-to)6-10
Number of pages0
JournalComputer Fraud & Security
Volume2009
Issue number12
Publication statusIn preparation - 1 Dec 2009

Fingerprint

Dive into the research topics of 'Scare tactics – A viable weapon in the security war?'. Together they form a unique fingerprint.

Cite this