research-article

Open access

Properties for Cybersecurity Awareness Posters’ Design and Quality Assessment

Authors:

Sunil Chaudhary,

Sebastian Pape,

Vasileios GkioulosAuthors Info & Claims

ARES '22: Proceedings of the 17th International Conference on Availability, Reliability and Security

Article No.: 79, Pages 1 - 8

https://doi.org/10.1145/3538969.3543794

Published: 23 August 2022 Publication History

All formats PDF

Abstract

Posters are widely in practice to communicate cybersecurity awareness (CSA) messages. This popularity could be because it is one of the simplest mechanisms, and most people are accustomed to poster usage. Despite this, very little effort has been made to make the CSA poster design and assessment more systematic. Due to this, there exists a wide variation in CSA poster design. Alarmingly, many of them do not align with the needs and objectives of CSA. This study, therefore, intends to collect and analyze the properties that can guide the production of more uniform and effective posters for CSA purposes. At the same time, the study contributes to making the poster design and quality assessment approach more systematic. In order to do so, this study used a literature review for the elicitation of properties and an online assessment to analyze the relevancy of the elicited properties. As a final result, the study provides six main properties (i.e., topic, information quality, message framing, suggestions quality, content presentation, localization, and style and formatting) and their respective twenty-one sub-properties that can facilitate CSA poster design and its quality assessment.

References

[1]

Mubashir Aslam Arain, Rima Tarraf, and Armghan Ahmad. 2019. Assessing staff awareness and effectiveness of educational training on IT security and privacy in a large healthcare organization. Journal of Multidisciplinary Healthcare 2019, 12 (2019), 73–81. https://doi.org/10.2147/JMDH.S183275

[2]

Maria Bada and Jason R.C. Nurse. 2019. Developing cybersecurity education and awareness programmes for small- and medium-sized enterprises (SMEs). Information & Computer Security 27, 3 (2019), 393–410. https://doi.org/10.1108/ICS-07-2018-0080

[3]

Maria Bada, Angela M. Sasse, and Jason R.C. Nurse. 2015. Cyber Security Awareness Campaigns: Why do they fail to change behaviour?. In International Conference on Cyber Security for Sustainable Society. Coventry, UK.

[4]

John Baird and Jim Stull. 1979. The Seven C’s of Communication. Prentice Hall, Englewood Cliffs, NJ, USA.

[5]

Renévan Bavel, Nuria Rodríguez-Priego, José Vila, and Pam Briggs. 2019. Using protection motivation theory in the design of nudges to improve online security behavior. International Journal of Human-Computer Studies 123 (2019), 29–39. https://doi.org/10.1016/j.ijhcs.2018.11.003

[6]

Mohammed Boujettif and Yongge Wang. 2010. Constructivist Approach to Information Security Awareness in the Middle East. In International Conference on Broadband, Wireless Computing, Communication and Applications. Fukuoka, Japan.

Digital Library

[7]

John Braithwaite and Toni Makkai. 1994. Trust and compliance. Policing and Society 4, 1 (May 1994), 1–12. https://doi.org/10.1080/10439463.1994.9964679

[8]

Jan-Willem H. Bullée, Lorena Montoya, Wolter Pieters, Marianne Junger, and Pieter H. Hartel. 2015. The persuasion and security awareness experiment: reducing the success of social engineering attacks. Journal of Experimental Criminology 11 (2015), 97––115. https://doi.org/10.1007/s11292-014-9222-7

[9]

Albert Caballero. 2017. Security Education, Training, and Awareness. In Computer and Information Security Handbook (3rd ed.), John R. Vacca (Ed.). Morgan Kaufmann, Burlington, MA, USA, Chapter 33, 497–505. https://doi.org/10.1016/B978-0-12-803843-7.00033-8

[10]

Ronald C.Dodge Jr.and Curtis Carver and Aaron J.Ferguson. 2007. Phishing for user security awareness. Computers & Security 26, 1 (2007), 73–80. https://doi.org/10.1016/j.cose.2006.10.009

Digital Library

[11]

Sunil Chaudhary, Vasileios Gkioulos, and David Goodman. 2021. D9.11 SME cybersecurity awareness program 2. Technical Report. Brussel, Belgium.

[12]

Sunil Chaudhary, Sebastian Pape, Marko Kompara, Georgios Kavallieratos, and Vasileios Gkioulos. 2022. D3.19 Guidelines for Enhancement of Societal Security Awareness. Technical Report. Brussels, Belgium.

[13]

Ann Christiano and Annie Neimand. 2017. Stop Raising Awareness Already. Retrieved 30 March 2022 from https://ssir.org/articles/entry/stop_raising_awareness_already#

[14]

David A. Cook. 2019. Systematic and Nonsystematic Reviews: Choosing an Approach. In Healthcare Simulation Research: A Practical Guide, Debra Nestel, Joshua Hui, Kevin Kunkler, Mark W. Scerbo, and Aaron W. Calhoun (Eds.). Springer, Cham, Switzerland, 55–60. https://doi.org/10.1007/978-3-030-26837-4_8

[15]

Lynne Coventry, Pam Briggs, John Blythe, and Minh Tran. 2014. Using behavioural insights to improve the public’s use of cyber security best practices. Technical Report. London, UK.

[16]

Richard L. Daft and Robert H. Lengel. 1983. Information Richness: A New Approach to Managerial Behavior and Organization Design. Technical Report. USA.

[17]

Linda Darling-Hammond, Lisa Flook, Channa Cook-Harvey, Brigid Barron, and David Osher. 2019. Implications for educational practice of the science of learning and development. Applied Developmental Science 24, 2 (2019), 91–140. https://doi.org/10.1080/10888691.2018.1537791

[18]

Hans de Bruijn and Marijn Janssen. 2017. Building Cybersecurity Awareness: The need for evidence-based framing strategies. Government Information Quarterly 34, 1 (2017), 1–7. https://doi.org/10.1016/j.giq.2017.02.007

[19]

Rachna Dhamija, J.D. Tygar, and Marti Hearst. 2006. Why phishing works. In SIGCHI Conference on Human Factors in Computing Systems. ACM, Montreal, Canada, 581––590. https://doi.org/10.1145/1124772.1124861

Digital Library

[20]

Paul Dolan, Michael Hallsworth, David Halpern, Dominic King, Robert Metcalfe, and Ivo Vlaev. 2012. Influencing behaviour: The mindspace way. Journal of Economic Psychology 33, 1 (2012), 264–277. https://doi.org/10.1016/j.joep.2011.10.009

[21]

ENISA. 2010. The new users’ guide: How to raise information security awareness. Technical Report. Athens, Greece.

[22]

ENISA. 2021. ENISA Threat Landscape 2021. Technical Report. Athens, Greece.

[23]

ENISA. 2022. Material. https://www.enisa.europa.eu/media/multimedia/material

[24]

Robert M. Entman. 1993. Framing: Toward Clarification of a Fractured Paradigm. Journal of Communication 43, 4 (1993), 51–58. https://doi.org/10.1111/j.1460-2466.1993.tb01304.x

[25]

EUROPOL. 2022. Public Awareness and Prevention Guides. https://www.europol.europa.eu/operations-services-and-innovation/public-awareness-and-prevention-guides

[26]

Steven Furnell and Ismini Vasileiou. 2017. Security education and awareness: just let them burn?Network Security 2017, 12 (2017), 5–9. https://doi.org/10.1016/S1353-4858(17)30122-8

Digital Library

[27]

Urs E. Gattiker. 2006. Can an early warning system for home users and SMEs make a difference? A field study. In Critical Information Infrastructures Security(LNCS, Vol. 4347), Javier Lopez (Ed.). Springer-Verlag Berlin, Heidelberg, Samos, Greece, 112–127.

[28]

Shawn M. Glynn. 1983. Cognitive Processes Involved in Text Learning. In Annual Meeting of the American Educational Research Association. Montreal, Canada.

[29]

InfoSec Institute. 2022. Top 20 security awareness posters with messages that STICK. https://resources.infosecinstitute.com/topic/top-20-security-awareness-posters-messages-stick/

[30]

SANS Institute. 2022. Posters. https://www.sans.org/security-awareness-training/resources/posters

[31]

Phillip Isola, Devi Parikh, Antonio Torralba, and Aude Oliva. 2012. Understanding the Intrinsic Memorability of Images. Journal of Vision 12, 9 (2012). https://doi.org/10.1167/12.9.1082

[32]

Stacy Jansen. 2017. Bias within systematic and non-systematic literature reviews: the case of the Balanced Scorecard (Master’s thesis). Master’s thesis. University of Twente, Enschede, Netherlands.

[33]

Robert F. Lorch Jr. and Elizabeth Pugzles Lorch. 1985. Topic Structure Representation and Text Recall. Journal of Educational Psychology 77, 2 (1985), 137–148. https://doi.org/10.1037/0022-0663.77.2.137

[34]

M. E. Kabay, Bridgitt Robertson, Mani Akella, and D.T. Lang. 2012. Using Social Psychology to Implement Security Policies. In Computer Security Handbook(6th ed.), Seymour Bosworth, Michel E. Kabay, and Eric Whyne (Eds.). John Wiley & Sons, Hoboken, NJ, USA, Chapter 50, 50.1–50.25. https://doi.org/10.1002/9781118820650.ch50

[35]

Paul Kahn and Krzysztof Lenk. 1998. Design: principles of typography for user interface design. Interactions 5, 6 (1998), 15––29. https://doi.org/10.1145/287821.287825

Digital Library

[36]

Mitchell Kajzer, Charles R. Crowell, Angela Ferreira, John DÁrcy, Dirk VanBruggen, and Aaron Striegel. 2013. Poster: Memorability of Computer Security Posters as Affected by Message Type. In Symposium on Usable Privacy and Security (SOUPS). Newcastle, UK.

[37]

Sokratis K. Katsikas. 2000. Health care management and information system security: Awareness, training or education?International Journal of Medical Informatics 60 (2000), 129–135. https://doi.org/10.1016/S1386-5056(00)00112-X

[38]

Global Knowledge. 2022. Cybersecurity Awareness Posters. https://www.globalknowledge.com/us-en/topics/cybersecurity/cybersecurity-awareness-posters/#gref

[39]

Hennie Kruger, Lynette Drevin, and Tjaart Steyn. 2010. A vocabulary test to assess information security awareness. Information Management & Computer Security 18, 5 (2010), 316–327. https://doi.org/10.1108/09685221011095236

[40]

Hennie A. Kruger and Wayne D. Kearney. 2006. A prototype for assessing information security awareness. Computers & Security 25, 4 (2006), 289–296. https://doi.org/10.1016/j.cose.2006.02.008

Digital Library

[41]

Harold D. Lasswell. 1948. The structure and function of communication in society. In The Communication of Ideas(1st ed.), Lyman Bryson (Ed.). Harper and Row, New York, USA, 37–51.

[42]

Regina E. Lundgren and Andrea H. McMakin. 2018. Risk Communication: A Handbook for Communicating Environmental, Safety, and Health Risks(6th ed.). Wiley-IEEE Press.

[43]

Durairaj Maheswaran and Joan Meyers-Levy. 1990. The Influence of Message Framing and Issue Involvement. Journal of Marketing Research 27, 3 (1990), 361–367. https://doi.org/10.2307/3172593

[44]

Peter Mayer, Alexandra Kunz, and Melanie Volkamer. 2017. Reliable Behavioural Factors in the Information Security Context. In SIGCHI Conference on Human Factors in Computing Systems. ACM, Reggio Calabria, Italy, 1–10. https://doi.org/10.1145/3098954.3098986

Digital Library

[45]

Carrie McCoy and Rebecca Thurmond Flower. 2004. You are the key to security: establishing a successful security awareness program. In 32nd Annual ACM SIGUCCS Conference on User Services. Baltimore, MD, USA.

Digital Library

[46]

Microsoft. 2015. Attention spans. Technical Report. Canada.

[47]

Jakob Nielsen. 2010. Horizontal Attention Leans Left (Early Research). https://www.nngroup.com/articles/horizontal-attention-original-research/

[48]

Oyelami Julius Olusegun and Norafida Binti Ithnin. 2013. People Are the Answer to Security: Establishing a Sustainable Information Security Awareness Training (ISAT) Program in Organization. Retrieved 30 March 2022 from https://arxiv.org/abs/1309.0188

[49]

James Van Patten, Chun-I Chao, and Charles M. Reigeluth. 1986. A Review of Strategies for Sequencing and Synthesizing Instruction. Review of Educational Research 56, 4 (1986), 437–471. https://doi.org/10.3102/00346543056004437

[50]

Postermywall. 2022. 8,720+ customizable design templates for marketing. Retrieved 10 April 2022 from https://www.postermywall.com/index.php/posters/search?s=marketing

[51]

PosterPresentations.com. 2022. Free Research Poster PowerPoint Templates. Retrieved 10 April 2022 from https://www.posterpresentations.com/free-poster-templates.html

[52]

Tobias Reynolds-Tylus. 2019. Psychological Reactance and Persuasive Health Communication: A Review of the Literature. Frontiers in Communication 4, 56 (2019), 1–12. https://doi.org/10.3389/fcomm.2019.00056

[53]

R.S.Shaw, Charlie C.Chen, Albert L.Harris, and Hui-Jou Huang. 2009. The impact of information richness on information security awareness training effectiveness. Computers & Education 52, 1 (2009), 92–100. https://doi.org/10.1016/j.compedu.2008.06.011

Digital Library

[54]

TerraNova Security. 2022. Why Localized Security Awareness Training Matters. https://terranovasecurity.com/why-localized-security-awareness-training-matters/

[55]

Miles A. Tinker and Donald G. Paterson. 1928. Influence of type form on speed of reading.Journal of Applied Psychology 12, 4 (1928), 359––368. https://doi.org/10.1037/h0073699

[56]

Mark Wilson and Joan Hash. 2003. Building an Information Technology Security Awareness and Training Program. Technical Report. Gaithersburg, MD, USA.

[57]

Michael Wolf, Dwight A. haworth, and Leah Pietron. 2011. Measuring An Information Security Awareness Program. Review of Business Information Systems 53, 3 (2011), 9–21. https://doi.org/10.19030/rbis.v15i3.5398

[58]

Cyber Safe Work. 2022. Security Awareness for a Culture of Security. https://cybersafework.com/free-security-posters/

Cited By

Stelea GSangeorzan LEnache-David N(2025)When Cybersecurity Meets Accessibility: A Holistic Development Architecture for Inclusive Cyber-Secure Web Applications and WebsitesFuture Internet10.3390/fi1702006717:2(67)Online publication date: 5-Feb-2025
https://doi.org/10.3390/fi17020067
Qawasmeh SAlQahtani AKhan M(2025)Navigating cybersecurity training: A comprehensive reviewComputers and Electrical Engineering10.1016/j.compeleceng.2025.110097123(110097)Online publication date: Apr-2025
https://doi.org/10.1016/j.compeleceng.2025.110097
Chaudhary SGkioulos VKatsikas S(2024)A quest for research and knowledge gaps in cybersecurity awareness for small and medium-sized enterprisesComputer Science Review10.1016/j.cosrev.2023.10059250:COnline publication date: 4-Mar-2024
https://dl.acm.org/doi/10.1016/j.cosrev.2023.100592
Show More Cited By

Index Terms

Properties for Cybersecurity Awareness Posters’ Design and Quality Assessment
1. Computer systems organization
  1. Dependable and fault-tolerant systems and networks
    1. Redundancy
  2. Embedded and cyber-physical systems
    1. Embedded systems

Recommendations

Session details: Posters
OOPSLA '11: Proceedings of the ACM international conference companion on Object oriented programming systems languages and applications companion

SPLASH Posters provide an excellent forum for authors to present their work in an informal and interactive setting. Posters are ideal to showcase speculative, late-breaking results or to introduce interesting, innovative work. Posters sessions are ...
Session details: Posters
WWW '16 Companion: Proceedings of the 25th International Conference Companion on World Wide Web

It is our great pleasure to welcome you to the Poster Track, associated with WWW 2016.

The poster track is a forum to foster interactions among researchers and practitioners, by allowing them to present their new and innovative work in-progress. By ...
SIGGRAPH '10: ACM SIGGRAPH 2010 Posters

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Other conferences

ARES '22: Proceedings of the 17th International Conference on Availability, Reliability and Security

August 2022

1371 pages

ISBN:9781450396707

DOI:10.1145/3538969

Copyright © 2022 Owner/Author.

This work is licensed under a Creative Commons Attribution International 4.0 License.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 23 August 2022

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Funding Sources

Horizon 2020 Framework Programme

Conference

ARES 2022

ARES 2022: The 17th International Conference on Availability, Reliability and Security

August 23 - 26, 2022

Vienna, Austria

Acceptance Rates

Overall Acceptance Rate 228 of 451 submissions, 51%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

4
Total Citations
View Citations
2,729
Total Downloads

Downloads (Last 12 months)2,210
Downloads (Last 6 weeks)64

Reflects downloads up to 14 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

Stelea GSangeorzan LEnache-David N(2025)When Cybersecurity Meets Accessibility: A Holistic Development Architecture for Inclusive Cyber-Secure Web Applications and WebsitesFuture Internet10.3390/fi1702006717:2(67)Online publication date: 5-Feb-2025
https://doi.org/10.3390/fi17020067
Qawasmeh SAlQahtani AKhan M(2025)Navigating cybersecurity training: A comprehensive reviewComputers and Electrical Engineering10.1016/j.compeleceng.2025.110097123(110097)Online publication date: Apr-2025
https://doi.org/10.1016/j.compeleceng.2025.110097
Chaudhary SGkioulos VKatsikas S(2024)A quest for research and knowledge gaps in cybersecurity awareness for small and medium-sized enterprisesComputer Science Review10.1016/j.cosrev.2023.10059250:COnline publication date: 4-Mar-2024
https://dl.acm.org/doi/10.1016/j.cosrev.2023.100592
Chaudhary SGkioulos V(2023)Building a Cybersecurity Awareness Program: Present and Prospective AspectsDigital Sovereignty in Cyber Security: New Challenges in Future Vision10.1007/978-3-031-36096-1_10(149-160)Online publication date: 16-Jun-2023
https://doi.org/10.1007/978-3-031-36096-1_10

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

HTML Format

View this article in HTML Format.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Figures

Tables

Media

View Table of Conten