{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,5]],"date-time":"2025-11-05T06:39:34Z","timestamp":1762324774824,"version":"3.41.2"},"reference-count":36,"publisher":"Emerald","issue":"1","license":[{"start":{"date-parts":[[2020,8,3]],"date-time":"2020-08-03T00:00:00Z","timestamp":1596412800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["ICS"],"published-print":{"date-parts":[[2021,5,10]]},"abstract":"<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Purpose<\/jats:title>\n<jats:p>The human factor is a major consideration in securing systems. A wide and increasing range of different technologies, devices, platforms, applications and services are being used every day by home users. In parallel, home users are also experiencing a range of different online threats and attacks and are increasingly being targeted as they lack the knowledge and awareness about potential threats and how to protect themselves. The increase in technologies and platforms also increases the burden upon a user to understand how to apply security across differing technologies, operating systems and applications. This results in managing the security across their technology portfolio increasingly more troublesome and time consuming. This paper aims to propose an approach that attempts to propose a system for improving security management and awareness for home users.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Design\/methodology\/approach<\/jats:title>\n<jats:p>The proposed system is capable of creating and assigning different security policies for different digital devices in a user-friendly fashion. These assigned policies are monitored, checked and managed to review the user\u2019s compliance with the assigned policies to provide bespoke awareness content based on the user\u2019s current needs.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Findings<\/jats:title>\n<jats:p>A novel framework was proposed for improving information security management and awareness for home users. In addition, a mock-up design was developed to simulate the proposed approach to visualise the main concept and the functions which might be performed when it is deployed in a real environment. A number of different scenarios have been simulated to show how the system can manage and deal with different types of users, devices and threats. In addition, the proposed approach has been evaluated by experts in the research domain. The overall feedback is positive, constructive and encouraging. The experts agreed that the identified research problem is a real problem. In addition, they agreed that the proposed approach is usable, feasible and effective in improving security management and awareness for home users.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Research limitations\/implications<\/jats:title>\n<jats:p>The proposed design of the system is a mock-up design without real data. Therefore, implementing the proposed approach in a real environment can provide the researcher with a better understanding of the effectiveness and the functionality of the proposed approach.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Practical implications<\/jats:title>\n<jats:p>This study offers a framework and usable mock-up design which can help in improving information security management for home users.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Originality\/value<\/jats:title>\n<jats:p>Improving the security management and awareness for home users by monitoring, checking and managing different security controls and configurations effectively are the key to strengthen information security. Therefore, when home users have a good level of security management and awareness, this could protect and secure the home network and subsequently business infrastructure and services as well.<\/jats:p>\n<\/jats:sec>","DOI":"10.1108\/ics-05-2020-0073","type":"journal-article","created":{"date-parts":[[2020,7,30]],"date-time":"2020-07-30T11:01:18Z","timestamp":1596106878000},"page":"25-48","source":"Crossref","is-referenced-by-count":6,"title":["A novel approach for improving information security management and awareness for home environments"],"prefix":"10.1108","volume":"29","author":[{"given":"Fayez Ghazai","family":"Alotaibi","sequence":"first","affiliation":[]},{"given":"Nathan","family":"Clarke","sequence":"additional","affiliation":[]},{"given":"Steven M.","family":"Furnell","sequence":"additional","affiliation":[]}],"member":"140","published-online":{"date-parts":[[2020,8,3]]},"reference":[{"key":"key2021050810165619500_ref001","first-page":"116","article-title":"An analysis of home user security awareness and education","volume-title":"12Th International Conference for Internet Technology and Secured Transactions (Icitst)","year":"2017"},{"first-page":"20","article-title":"\u2018Holistic information security management for home environments","year":"2019","key":"key2021050810165619500_ref002"},{"key":"key2021050810165619500_ref012a","first-page":"1739","article-title":"It won\u2019t happen to me: promoting secure behaviour among internet users","volume-title":"Computers in Human Behavior","year":"2010"},{"issue":"5","key":"key2021050810165619500_ref003","doi-asserted-by":"crossref","first-page":"410","DOI":"10.1016\/j.cose.2007.03.001","article-title":"Assessing the security perceptions of personal internet users","volume":"26","year":"2007","journal-title":"Computers and Security"},{"first-page":"209","article-title":"The psychology of security for the home computer user","year":"2012","key":"key2021050810165619500_ref004"},{"key":"key2021050810165619500_ref005","unstructured":"IBA (2018) \u201cCybersecurity guidelines cyber security guidelines by the IBA\u2019s presidential task force on cyber security\u201d, available at: www.ibanet.org\/LPRU\/cybersecurity-guidelines.aspx (accessed 27 October 2019)."},{"article-title":"ISO\/IEC27002: 2013 information technology \u2013 code of practice for information security controls","year":"2013","author":"International Organization for Standardization (ISO)","key":"key2021050810165619500_ref006"},{"article-title":"ITU-T recommendation X.1111: Framework of security technologies for home network","year":"2007","author":"ITU","key":"key2021050810165619500_ref007"},{"key":"key2021050810165619500_ref008","first-page":"271","article-title":"Improved awareness on fake websites and detecting techniques","volume-title":"Global Security, Safety and Sustainability and e-Democracy","year":"2011"},{"key":"key2021050810165619500_ref04a","first-page":"493","article-title":"Information security policy: an organizational-level process model","volume-title":"Computers and Security","year":"2009"},{"issue":"8","key":"key2021050810165619500_ref009","doi-asserted-by":"crossref","first-page":"840","DOI":"10.1016\/j.cose.2010.08.001","article-title":"Cyber security for home users: a new way of protection through awareness enforcement","volume":"29","year":"2010","journal-title":"Computers and Security"},{"key":"key2021050810165619500_ref010","first-page":"340","article-title":"Home user security- from thick security-oriented home users to thin security- oriented home users","volume-title":"Science and Information Conference (SAI)","year":"2013"},{"key":"key2021050810165619500_ref011","first-page":"163","article-title":"Towards an automated security awareness system in a virtualized environment","volume-title":"11th European Conference on Information Warfare and Security","year":"2012"},{"issue":"3","key":"key2021050810165619500_ref012","doi-asserted-by":"crossref","first-page":"71","DOI":"10.1145\/1325555.1325569","article-title":"Promoting personal responsibility for internet safety","volume":"51","year":"2008","journal-title":"Communications of the Acm"},{"key":"key2021050810165619500_ref013","unstructured":"Lunsford, P. and Boahn, C. (2015), \u201cHow the lizard squad took down two of the biggest networks in the world\u201d, available at: https:\/\/infosecwriters.com\/Papers\/JRollins_Lizard_Squad.pdf (accessed 1 March 2019)."},{"key":"key2021050810165619500_ref014","first-page":"19","article-title":"Web-based risk analysis for home users","volume-title":"10th Australian Information Security Management Conference, AISM","year":"2012"},{"article-title":"Using data type based security alert dialogs to raise online security awareness","volume-title":"the Seventh Symposium","year":"2011","key":"key2021050810165619500_ref015"},{"key":"key2021050810165619500_ref016","unstructured":"National Office of Statisitcs (2018), \u201cInternet access \u2013 households and individuals\u201d, available at: www.ons.gov.uk\/peoplepopulationandcommunity\/householdcharacteristics\/homeinternetandsocialmediausage\/bulletins\/internetaccesshouseholdsandindividuals\/2018 (accessed 2 March 2019)."},{"key":"key2021050810165619500_ref017","unstructured":"NCSA and PayPal (2013), \u201c2013 national online safety study\u201d, available at: https:\/\/staysafeonline.org\/download\/datasets\/7358\/2013NCSAOnlineSafetyStudy.pdf (accessed 22 June 2017)."},{"key":"key2021050810165619500_ref018","unstructured":"NCSC (2018), \u201c10 Steps to cyber security \u2013 NCSC\u201d, available at: www.ncsc.gov.uk\/collection\/10-steps-to-cyber-security\/the-10-steps (accessed 25 October 2019)."},{"key":"key2021050810165619500_ref019","first-page":"234","article-title":"\u2018A socio-behavioral study of home computer users\u2019 intention to practice security","volume-title":"Proceedings of the Ninth Pacific Asia Conference on Information Systems","year":"2005"},{"year":"2019","author":"NIST","key":"key2021050810165619500_ref020"},{"key":"key2021050810165619500_ref021","first-page":"352","article-title":"Social information leakage: effects of awareness and peer pressure on user behavior","volume-title":"Human Aspects of Information Security, Privacy, and Trust","year":"2014"},{"key":"key2021050810165619500_ref022","unstructured":"NSA (2016), \u201cBest practices for keeping your home network secure\u201d, available at: www.dni.gov\/files\/NCSC\/documents\/campaign\/NSA-guide-Keeping-Home-Network-Secure.pdf (accessed 14 October 2019)."},{"first-page":"63","article-title":"Informal support networks: an investigation into home data security practices","year":"2018","key":"key2021050810165619500_ref023"},{"first-page":"217","article-title":"\u2018Study of internet security threats among home users","year":"2012","key":"key2021050810165619500_ref024"},{"key":"key2021050810165619500_ref025","unstructured":"Reynolds, M. (2016), \u201cTalkTalk and post office customers hit by mirai worm attack\u201d, available at: www.wired.co.uk\/article\/deutsche-telekom-cyber-attack-mirai (accessed 19 March 2019)."},{"first-page":"1346","article-title":"SmartNotes: application of crowdsourcing to the detection of web threats","year":"2011","key":"key2021050810165619500_ref026"},{"key":"key2021050810165619500_ref027","doi-asserted-by":"crossref","first-page":"249","DOI":"10.1007\/978-3-642-39377-8_29","article-title":"Improving awareness of social engineering attacks","volume":"406","year":"2013","journal-title":"IFIP Advances in Information and Communication Technology"},{"key":"key2021050810165619500_ref028","unstructured":"Statista (2019), \u201cInternet of things (IoT) connected devices installed base worldwide from 2015 to 2025 (in billions)\u201d, available at: www.statista.com\/statistics\/471264\/iot-number-of-connected-devices-worldwide\/ (accessed 5 April 2019)."},{"volume-title":"Building a Secure Home Network","year":"2001","key":"key2021050810165619500_ref029"},{"first-page":"1","article-title":"Solving security issues using information security awareness portal","year":"2009","key":"key2021050810165619500_ref030"},{"article-title":"Security tip (ST15-002): home network security","year":"2015","author":"US-CERT","key":"key2021050810165619500_ref031"},{"key":"key2021050810165619500_ref032","first-page":"104","article-title":"Design and field evaluation of PassSec: raising and sustaining web surfer risk awareness","volume-title":"International Conference on Trust and Trustworthy Computing, TRUST","year":"2015"},{"key":"key2021050810165619500_ref033","doi-asserted-by":"crossref","first-page":"120","DOI":"10.1145\/3077286.3077563","article-title":"On the user awareness of mobile security recommendations","volume-title":"Proceedings of the SouthEast Conference","year":"2017"},{"issue":"12","key":"key2021050810165619500_ref034","article-title":"A survey of distributed denial-of-service attack, prevention, and mitigation techniques","volume":"13","year":"2017","journal-title":"International Journal of Distributed Sensor Networks"}],"container-title":["Information &amp; Computer Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-05-2020-0073\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-05-2020-0073\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,25]],"date-time":"2025-07-25T01:22:55Z","timestamp":1753406575000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ics\/article\/29\/1\/25-48\/103800"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,8,3]]},"references-count":36,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2020,8,3]]},"published-print":{"date-parts":[[2021,5,10]]}},"alternative-id":["10.1108\/ICS-05-2020-0073"],"URL":"https:\/\/doi.org\/10.1108\/ics-05-2020-0073","relation":{},"ISSN":["2056-4961","2056-4961"],"issn-type":[{"type":"print","value":"2056-4961"},{"type":"print","value":"2056-4961"}],"subject":[],"published":{"date-parts":[[2020,8,3]]}}}