TY - GEN
T1 - Smartphone usage and security maturity
T2 - 17th European Conference on Cyber Warfare and Security, ECCWS 2018
AU - Louw, Candice
AU - Von Solms, Basie
N1 - Publisher Copyright:
© 2018 Curran Associates Inc. All rights reserved.
PY - 2018
Y1 - 2018
N2 - Smartphones have become such an indispensable part of the modern day individual’s life that it has become almost impossible to escape their use on a daily basis. The less obtrusive, yet more invasive role that these devices play in various aspects of everyday life is further amplified by the introduction of wearable devices that act as complementary extensions of functionality and sensing. Despite the various advantages that smartphones may offer, it is important to note that technology is still subordinate to the motives and morality of those who choose to make use of it (Casey, 2011:286). As such, cyber criminals may now write and distribute smartphone applications (apps) that are able to harness the full capabilities of these smart devices and access the information stored on them – possibly without a user’s knowledge or consent. With purely technical countermeasures having been found to possibly overwhelm and intimidate end users of a non-technical nature (Felt et al., 2012), these approaches are often rendered useless, leaving the end user equally exposed to smartphone threats that may be exploited by cyber criminals. In this paper, we aim to address this problem by determining the specific level of device usage competency of an individual smartphone user, thereby making it possible to provide them with level-appropriate training and awareness content that does not intimidate or overwhelm them. To assist in this endeavour, we make use of the Smartphone Application User Security Competency Evolution (SAUSCE) model to evaluate the levels of device specialisation of two separate groups of university students enrolled for software engineering degrees in Johannesburg, South Africa – those in their first year of study, and those in their fourth year of study. The main findings from the study pointed out that the vast majority of both junior and senior students possess a smartphone which is indicative of the proliferating nature of these devices, while the most popular operating system choice for senior students is Android. Moreover, the majority of senior students were found to be developer active users that write and deploy their own apps on their devices, while the majority of junior students were found to be regular active users that install regular third party apps on their devices. Furthermore, it is noted that the SAUSCE model can be used to gauge how many individuals possess a smartphone and how many don’t, in addition to pointing out what the overall technical proficiency/maturity is of those who are in possession of a smartphone on both an individual and group basis. Finally, despite the perceived technological capability of an audience, assumptions should not be made about their ability to implicitly understand all technical terms during security training/awareness campaigns and explicitly defining or explaining technical terms beforehand assists with completing the task at hand. Overall, this research aims to contribute to the enhancement of user-centred security pertaining specifically to smartphones, by delivering usable, initial results of such an endeavour.
AB - Smartphones have become such an indispensable part of the modern day individual’s life that it has become almost impossible to escape their use on a daily basis. The less obtrusive, yet more invasive role that these devices play in various aspects of everyday life is further amplified by the introduction of wearable devices that act as complementary extensions of functionality and sensing. Despite the various advantages that smartphones may offer, it is important to note that technology is still subordinate to the motives and morality of those who choose to make use of it (Casey, 2011:286). As such, cyber criminals may now write and distribute smartphone applications (apps) that are able to harness the full capabilities of these smart devices and access the information stored on them – possibly without a user’s knowledge or consent. With purely technical countermeasures having been found to possibly overwhelm and intimidate end users of a non-technical nature (Felt et al., 2012), these approaches are often rendered useless, leaving the end user equally exposed to smartphone threats that may be exploited by cyber criminals. In this paper, we aim to address this problem by determining the specific level of device usage competency of an individual smartphone user, thereby making it possible to provide them with level-appropriate training and awareness content that does not intimidate or overwhelm them. To assist in this endeavour, we make use of the Smartphone Application User Security Competency Evolution (SAUSCE) model to evaluate the levels of device specialisation of two separate groups of university students enrolled for software engineering degrees in Johannesburg, South Africa – those in their first year of study, and those in their fourth year of study. The main findings from the study pointed out that the vast majority of both junior and senior students possess a smartphone which is indicative of the proliferating nature of these devices, while the most popular operating system choice for senior students is Android. Moreover, the majority of senior students were found to be developer active users that write and deploy their own apps on their devices, while the majority of junior students were found to be regular active users that install regular third party apps on their devices. Furthermore, it is noted that the SAUSCE model can be used to gauge how many individuals possess a smartphone and how many don’t, in addition to pointing out what the overall technical proficiency/maturity is of those who are in possession of a smartphone on both an individual and group basis. Finally, despite the perceived technological capability of an audience, assumptions should not be made about their ability to implicitly understand all technical terms during security training/awareness campaigns and explicitly defining or explaining technical terms beforehand assists with completing the task at hand. Overall, this research aims to contribute to the enhancement of user-centred security pertaining specifically to smartphones, by delivering usable, initial results of such an endeavour.
KW - Security awareness
KW - Smartphone maturity
KW - Smartphone security
KW - Smartphone usage evaluation
KW - Student smartphone usage
KW - Training
KW - User-centred security
UR - http://www.scopus.com/inward/record.url?scp=85050809288&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:85050809288
T3 - European Conference on Information Warfare and Security, ECCWS
SP - 268
EP - 277
BT - Proceedings of the 17th European Conference on Cyber Warfare and Security, ECCWS 2018
A2 - Josang, Audun
PB - Curran Associates Inc.
Y2 - 28 June 2018 through 29 June 2018
ER -
