RAISING AWARENESS OF SECURITY REGULATIONS


It is often the employees who create a risk to the company’s data as a result of negligent behaviour. There are many rea- sons for this but AIT has identified one central reason in its comprehensive diary studies and surveys: “Often employees are simply unaware of the security regulations or else do not realise how important they are,” explains Marc Busch, a tech- nology experience expert at the AIT Innovation Systems De- partment. The MUSES project is seeking to increase awaren- ess of security issues in companies with its new persuasive in- formation security software. “The demand for greater informa- tion security has increased significantly in companies over the last few years,” says Busch. “Practical experience reveals, however, that standard software solutions and security training courses generally do not have the desired effect and are non- pragmatic or else too expensive.” It is important not to undere- stimate the total losses created by these breaches in security.


PERSUASION IS ESSENTIAL


AIT contributes its experience in persuasive technologies and user research to this new software solution. The aim is to change behaviour in the desired direction. “Existing software solutions are generally designed to patronise, for example by

simply preventing access to a company’s net- work,” says Busch. “This works in the short- term but we want to convince people of the importance of information security in the long-term. This can be achieved, for example, with an interactive quiz where employees can learn the security guidelines in a fun way or using visual information to make them think about their own behaviour.” This software presents a reminder in the event of a breach of security regulations, highlights potential consequences and offers alternative actions.

“What works in one company or for one em- ployee may not work elsewhere,” says Busch. The data security app can therefore be indivi- dually adapted to customers using a questi- onnaire developed by AIT. The three-year EU research project will be completed in Sep- tember 2015. A prototype is currently being tested in a realis- tic environment within a company. “We’re already in discussions con- cerning the development of a marketable so- lution,” says Busch. The persuasive security product should be sold along with the requi- red adaptations to companies.

MARC BUSCH

Scientist, Technology Experience Innovation Systems

MUSES is designed to convince people of the im- portance of information security.