A Systematic Review of Security Communication Strategies: Guidelines and Open Challenges

• URL: http://arxiv.org/abs/2504.02109v1
• Date: Wed, 02 Apr 2025 20:18:38 GMT
• Title: A Systematic Review of Security Communication Strategies: Guidelines and Open Challenges
• Authors: Carolina Carreira, Alexandra Mendes, João F. Ferreira, Nicolas Christin,
• Abstract summary: We identify user difficulties including information overload, technical comprehension, and balancing security awareness with comfort.<n>Our findings reveal consistent communication paradoxes: users require technical details for credibility yet struggle with jargon and need risk awareness without experiencing anxiety.<n>This work contributes to more effective security communication practices that enable users to recognize and respond to cybersecurity threats appropriately.
• Score: 47.205801464292485
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: Cybersecurity incidents such as data breaches have become increasingly common, affecting millions of users and organizations worldwide. The complexity of cybersecurity threats challenges the effectiveness of existing security communication strategies. Through a systematic review of over 3,400 papers, we identify specific user difficulties including information overload, technical jargon comprehension, and balancing security awareness with comfort. Our findings reveal consistent communication paradoxes: users require technical details for credibility yet struggle with jargon and need risk awareness without experiencing anxiety. We propose seven evidence-based guidelines to improve security communication and identify critical research gaps including limited studies with older adults, children, and non-US populations, insufficient longitudinal research, and limited protocol sharing for reproducibility. Our guidelines emphasize user-centric communication adapted to cultural and demographic differences while ensuring security advice remains actionable. This work contributes to more effective security communication practices that enable users to recognize and respond to cybersecurity threats appropriately.

Related papers

• Secure Physical Layer Communications for Low-Altitude Economy Networking: A Survey [76.36166980302478]
  The Low-Altitude Economy Networking (LAENet) is emerging as a transformative paradigm. Physical layer communications in the LAENet face growing security threats due to inherent characteristics of aerial communication environments. This survey comprehensively reviews existing secure countermeasures for physical layer communication in the LAENet.
  arXiv  Detail & Related papers  (2025-04-12T09:36:53Z)
• Decoding User Concerns in AI Health Chatbots: An Exploration of Security and Privacy in App Reviews [1.2437039433843042]
  This study evaluates the effectiveness of automated methods, specifically BART and Gemini GenAI, in identifying security privacy related (SPR) concerns.<n>Our results indicate that while Gemini's performance in SPR classification is comparable to manual labeling, both automated methods have limitations.
  arXiv  Detail & Related papers  (2025-01-31T00:38:37Z)
• Open Problems in Machine Unlearning for AI Safety [61.43515658834902]
  Machine unlearning -- the ability to selectively forget or suppress specific types of knowledge -- has shown promise for privacy and data removal tasks.<n>In this paper, we identify key limitations that prevent unlearning from serving as a comprehensive solution for AI safety.
  arXiv  Detail & Related papers  (2025-01-09T03:59:10Z)
• Securing Legacy Communication Networks via Authenticated Cyclic Redundancy Integrity Check [98.34702864029796]
  We propose Authenticated Cyclic Redundancy Integrity Check (ACRIC) ACRIC preserves backward compatibility without requiring additional hardware and is protocol agnostic. We show that ACRIC offers robust security with minimal transmission overhead ( 1 ms)
  arXiv  Detail & Related papers  (2024-11-21T18:26:05Z)
• Semantic Communication Networks Empowered Artificial Intelligence of Things [2.590720801978138]
  This paper presents a comprehensive survey of security and privacy threats across various layers of semantic communication systems. We identify critical open issues in this burgeoning field warranting further investigation.
  arXiv  Detail & Related papers  (2024-07-04T14:39:28Z)
• AI Risk Management Should Incorporate Both Safety and Security [185.68738503122114]
  We argue that stakeholders in AI risk management should be aware of the nuances, synergies, and interplay between safety and security. We introduce a unified reference framework to clarify the differences and interplay between AI safety and AI security.
  arXiv  Detail & Related papers  (2024-05-29T21:00:47Z)
• Enhancing Security Awareness Through Gamified Approaches [0.21990652930491858]
  Gamification is a new concept in the field of information security awareness training (SAT) campaigns. This paper examines the effectiveness ofGamification in promoting security awareness among smart meter components for smart grid users/operators. It can be demonstrated that the scores of participants in the three levels have improved by 40%, 35% and 29%, respectively.
  arXiv  Detail & Related papers  (2024-04-13T17:32:05Z)
• Getting Users Smart Quick about Security: Results from 90 Minutes of Using a Persuasive Toolkit for Facilitating Information Security Problem Solving by Non-Professionals [2.4923006485141284]
  A balanced level of user engagement in security is difficult to achieve due to difference of priorities between the business perspective and the security perspective. We have developed a persuasive software toolkit to engage users in structured discussions about security vulnerabilities in their company. In the research reported here we examine how non-professionals perceived security problems through a short-term use of the toolkit.
  arXiv  Detail & Related papers  (2022-09-06T11:37:21Z)
• Towards Automated Classification of Attackers' TTPs by combining NLP with ML Techniques [77.34726150561087]
  We evaluate and compare different Natural Language Processing (NLP) and machine learning techniques used for security information extraction in research. Based on our investigations we propose a data processing pipeline that automatically classifies unstructured text according to attackers' tactics and techniques.
  arXiv  Detail & Related papers  (2022-07-18T09:59:21Z)
• A System for Automated Open-Source Threat Intelligence Gathering and Management [53.65687495231605]
  SecurityKG is a system for automated OSCTI gathering and management. It uses a combination of AI and NLP techniques to extract high-fidelity knowledge about threat behaviors.
  arXiv  Detail & Related papers  (2021-01-19T18:31:35Z)
• SMEs' Confidentiality Concerns for Security Information Sharing [1.3452510519858993]
  Small and medium-sized enterprises are considered an essential part of the EU economy, however, highly vulnerable to cyberattacks. This paper presents the results of semi-structured interviews with seven chief information security officers of SMEs to evaluate the impact of online consent communication on motivation for information sharing. The findings demonstrate that online consent with multiple options for indicating a suitable level of agreement improved motivation for information sharing.
  arXiv  Detail & Related papers  (2020-07-13T10:59:40Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.