A 10-step process model to build attacker personas borrowed from user-centred design is proposed and applied to digital banking in this work, with a focus on the procedural approach. A data set of publicly available secondary data sources and grounded theory analysis are used to build a hypothesis (attacker taxonomy) to base the attacker personas on. Benefits of attacker personas, for example raising security awareness, are outlined as well as current drawbacks, like a lack of integration into the wider security management environment. Future research topics such as methodological advancement, stakeholder verification and collaboration are also mentioned.
|Title of host publication
|NordiCHI '18 Proceedings of the 10th Nordic Conference on Human-Computer Interaction
|Association for Computing Machinery (ACM)
|Number of pages
|Published - 29 Sept 2018