Security Education: The Challenge beyond the Classroom

  • Steven M. Furnell
Conference paper
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 406)


While it is easy to identify formal security education efforts directed towards professional programmes and academic curricula, it is arguable that the far larger population of end-users rarely benefits from such focused consideration. The paper discusses the nature of the challenge and presents survey evidence to illustrate that users are not coping with the technologies that they are expected to interact with, even when the threats concerned are relatively long-standing. Specific results are presented to show the persistence of bad practice with passwords, alongside the difference that can result if more effort were to be made to promote related guidance. Further evidence is then presented around end-user practices in relation to malware protection, suggesting that their limited understanding of the threats often leads to them protecting some devices but overlooking others. The discussion then concludes by recommending a more proactive approach when targeting the end-users who may otherwise be unaware of their risks.


Keywords: Security education, End-user awareness, Passwords, Malware



Copyright information

© IFIP International Federation for Information Processing 2013

Authors and Affiliations

  • Steven M. Furnell (1, 2)
  1. Centre for Security, Communications and Network Research, Plymouth University, Plymouth, United Kingdom
  2. Security Research Institute, Edith Cowan University, Perth, Australia
