Activity – Group and sort security behaviours

Leave a Comment / Security and Behaviour Change / By /

To group and sort security behaviors effectively, it’s essential to understand the different typology techniques that can be applied. Here’s a detailed explanation of how to approach this task:

1. Reviewing Security Behaviors

Security Behaviors Collection:

  • In Week 1 of the Security Behavior Observation activity, you would have collected various security behaviors exhibited by individuals in different scenarios. These might include actions like creating strong passwords, avoiding phishing emails, using two-factor authentication, or being cautious about public WiFi usage.

2. Typology Techniques for Grouping and Sorting Security Behaviors

Typology techniques are methods used to classify behaviors into categories based on specific criteria. Here are some commonly used techniques:

a. Functional Typology

This method classifies behaviors based on their function or purpose in security. For example:

  • Preventive Behaviors: Actions taken to prevent security breaches (e.g., using strong passwords, regularly updating software).
  • Detective Behaviors: Actions focused on identifying potential threats (e.g., monitoring network traffic, using antivirus software).
  • Responsive Behaviors: Actions taken in response to security incidents (e.g., reporting phishing emails, changing compromised passwords).

Grouping Example:

  • Preventive: Using strong passwords, enabling two-factor authentication.
  • Detective: Monitoring network activity, recognizing phishing attempts.
  • Responsive: Reporting security incidents, resetting passwords after a breach.

b. Contextual Typology

This technique groups behaviors based on the context in which they occur, such as:

  • Workplace Behaviors: Security practices followed within an organization (e.g., adhering to company security policies, encrypting sensitive data).
  • Personal Behaviors: Security practices in personal settings (e.g., securing home WiFi, being cautious on social media).

Grouping Example:

  • Workplace: Encrypting company emails, following access control protocols.
  • Personal: Securing personal devices, avoiding suspicious links.

c. Risk-Based Typology

This method sorts behaviors based on the level of risk they mitigate:

  • High-Risk Mitigation: Behaviors that address significant security threats (e.g., using encryption, regularly updating security software).
  • Moderate-Risk Mitigation: Behaviors that reduce moderate risks (e.g., avoiding public WiFi, using a VPN).
  • Low-Risk Mitigation: Behaviors that manage low-level risks (e.g., logging out of accounts after use, using secure browsers).

Grouping Example:

  • High-Risk Mitigation: Implementing end-to-end encryption, regular security audits.
  • Moderate-Risk Mitigation: Avoiding public WiFi, using password managers.
  • Low-Risk Mitigation: Logging out from shared devices, using incognito mode.

d. Frequency-Based Typology

This technique classifies behaviors based on how often they are performed:

  • Routine Behaviors: Daily or frequent actions (e.g., locking the computer screen, using a strong password).
  • Occasional Behaviors: Actions performed less frequently (e.g., updating software, changing passwords).
  • Event-Driven Behaviors: Actions triggered by specific events (e.g., responding to a security alert, recovering from a security breach).

Grouping Example:

  • Routine: Locking screens when away, using complex passwords.
  • Occasional: Updating security software, backing up data.
  • Event-Driven: Responding to phishing attempts, reporting a security breach.

3. Sorting and Grouping the Behaviors

After identifying the relevant typology techniques, you can sort and group your list of security behaviors accordingly. Here’s how you can do it:

  1. List All Collected Behaviors: Write down all the security behaviors you observed in Week 1.
  2. Select a Typology Technique: Choose one or more typology techniques based on what makes the most sense for your list. For example, you might start with Functional Typology to categorize behaviors by their purpose.
  3. Group Behaviors: Sort the behaviors into the categories identified by the typology technique.
  4. Review and Refine: Ensure that each behavior is correctly categorized. You might find that some behaviors fit into multiple categories, depending on the technique used.

Book References:

For a deeper understanding of typology techniques and their application in cybersecurity, the following books may be useful:

  1. “Security Behavior: Case Studies and Typologies” by Robert K. Tyler (2021)
    • This book provides a comprehensive overview of different security behaviors and how they can be categorized using various typology methods.
  2. “Human Aspects of Cybersecurity: Understanding and Managing Security Behavior” by Hisham M. Haddad (2019)
    • This book explores the human factors in cybersecurity, including the categorization of security behaviors based on risk, context, and function.
  3. “Cybersecurity Behavior and Culture: The Human Element” by Lance Hayden (2020)
    • A detailed exploration of how security behaviors can be grouped and managed within an organization, focusing on the cultural and psychological aspects.

Conclusion

Grouping and sorting security behaviors using typology techniques provide a structured approach to understanding and managing these behaviors. By categorizing them based on function, context, risk, or frequency, you can better identify areas that require more focus in your security awareness campaigns or training programs. The books mentioned above can offer additional insights and practical guidance on this topic

Related Posts:

Leave a Comment

Your email address will not be published. Required fields are marked *