2 govcert.nl 2007 conference – user empowerment and information security

by Urs E. Gattiker on 2007/10/19 · 3 comments 5.072 views

User empowerment and raising awarenes about information security
How do we empower users to protect their information better – are information security awareness campgaigns the key on the road to success?
get some isnights and answers why your efforts in the past may have failed

Recently we posted:

1 – govcert.nl 2007 conference – user empowerment and information security

Today we do a follow up.

Urs E. Gattiker, Founder and CTO CyTRAP Labs, Switzerland gave a presentation about:

Why info information security awareness initiatives have failed and will continue to do so

The above link provides you with the slides presented in pdf format including hyperlinks to get access to the sources used to make a case for what was presented.

Below we provide you with a short summary that you can download as well (see link further down).


Corporations and Member States of the European Union have made great efforts to raise user awareness regarding information security (e.g., ENISA study – information security awareness initiatives) . As well, we can find many educational interventions that were designed to raise information security awareness by changing adolescents’ knowledge, beliefs, or attitudes regarding information security. With additional training and information it was hoped that risk taking would change, thereby improving security and, most importantly, reducing malware infections that have also exacerbated the amount of spam we get thanks to botnets.

Unfortunately, these efforts have been largely ineffective. Adolescents and college-age individuals have in the past and will continue to take more risks than children or adults do, as indicated by statistics on automobile crashes, binge drinking, contraceptive use, identity theft and internet stalking.

What does this mean for the prevention of unhealthy risk taking in adolescence and information security related matters? Extant research suggests that it is not the way adolescents think or what they don’t know or understand that is the problem. In fact, educational interventions designed to change how adolescents view risky activities on social networks in cyberspace or data privacy will not result in better prevention. However, shifting focus on limiting opportunities for immature judgment to have harmful consequences appears to be a more viable strategy.

In light of studies showing familial influences on psychosocial maturity in adolescence, understanding how contextual factors influence the development of self-regulation is a high priority to help improve information security. Limiting opportunities for immature judgment and how this might help in changing risk taking in adolescents (11 – 25 years of age – reasoning abilities and psychosocial capacities) when surfing the internet is at the core of this presentation.

Download this summary as a pdf


Check out the full program here:

are you a master of your own identity – 6th International IT & Information Security Symposium, GOVCERT.NL,


To make it more convenient for you to take advantage of CyTRAP Labs’ offerings, just provide us with your e-mail address below. You can personalize your subscription to make it suit your needs.

Previous post:

Next post: