A Design Thinking Approach on Information Security

Abstract

More than ever before, the economic success of companies depends on the use of information and communication technologies. Along with this development, cyber security plays a vital role to ensure the continuous and secure operation of critical applications and IT-services. The human factor represents one especially important aspect for ensuring cyber security in organizations, which has taken a turn for the worse in recent time. Security awareness activities, such as security training, newsletters or quizzes, are often performed to try to improve the situation, but the effects are slow to materialize and often do not bring lasting change. This paper therefore gets to the root of the problem using a different approach, which is centered around the people involved. The introduced framework combines the domains of design thinking and information security and presents a creative and human-centered way towards cyber security. We highlight building blocks, tools and techniques, which support the implementation of the presented framework. In order to demonstrate the applicability of the approach, we present our evaluation results of start-up company, which used our approach.