Hostname: page-component-77c89778f8-swr86 Total loading time: 0 Render date: 2024-07-20T19:24:18.724Z Has data issue: false hasContentIssue false

From Innocent Irene to Parental Patrick: Framing User Characteristics and Personas to Design for Cybersecurity

Published online by Cambridge University Press:  26 July 2019

Euiyoung Kim*
Jacobs Institute for Design Innovation, University of California at Berkeley;
JungKyoon Yoon
Department of Design and Environmental Analysis, Cornell University;
Jieun Kwon
Human Factor and Ergonomics, University of Minnesota;
Tiffany Liaw
Bioengineering, University of California at Berkeley;
Alice M. Agogino
Mechanical Engineering, University of California at Berkeley
Contact: Kim, Euiyoung, University of California, Berkeley / Delft University of Technology, Mechanical Engineering / Industrial Design Engineering, United States of America,


Core share and HTML view are not available for this content. However, as you have access to this content, a full PDF is available via the ‘Save PDF’ action button.

With the surging number of digital devices penetrating our daily routines, the risks inherent to cybersecurity—the protection of data on digital products connected to the Internet—have also increased since these devices (e.g., connected home devices, personal monitoring) collect, process, analyze and store users’ sensitive personal information. Thus, there is a pressing need to assist users in being aware of and dealing with potential cybersecurity threats. With the proposition that fulfilling the need starts with developing an in-depth understanding of the user behaviors in the context of cybersecurity, an exploratory study was conducted that employed three mixed qualitative and quantitative research methods—a trend analysis, an interview study, and an online survey study. The paper reports the user characteristics on (1) awareness levels of cybersecurity issues, (2) uses of digital devices, and (3) means of dealing with the privacy issues in product use. The results of the studies were translated into eight personas that systematically reflect distinct characteristics of users, which can help designers empathize with their potential users vulnerable to cybersecurity risks.

Creative Commons
Creative Common License - CCCreative Common License - BYCreative Common License - NCCreative Common License - ND
This is an Open Access article, distributed under the terms of the Creative Commons Attribution-NonCommercial-NoDerivatives licence (, which permits non-commercial re-use, distribution, and reproduction in any medium, provided the original work is unaltered and is properly cited. The written permission of Cambridge University Press must be obtained for commercial re-use or in order to create a derivative work.
© The Author(s) 2019


Abawajy, J. (2014), “User preference of cyber security awareness delivery methods”, Behaviour & Information Technology, Vol. 33 No. 3, pp. 237248. Scholar
Adlin, T. and Pruitt, J. (2010), “The essential persona lifecycle: Your guide to building and using personas”, Morgan Kaufmann.Google Scholar
Armerding, T. (2018), The 17 biggest data breaches of the 21st century. [online] Available at: (accessed date November 25, 2018)Google Scholar
Atzori, L., Iera, A. and Morabito, G. (2010), The internet of things: A survey. Computer networks, Vol. 54 No. 15, pp. 27872805.Google Scholar
Bada, M. and Sasse, A. (2014), “Cyber security awareness campaigns: Why do they fail to change behaviour?”, Global Cyber Security Capacity Centre.Google Scholar
Bernd, J., Gordo, B., Choi, J., Morgan, B., Henderson, N., Egelman, S., Garcia, D.D. and Friedland, G. (2015), “Teaching privacy: Multimedia making a difference”, IEEE MultiMedia, No. 1, pp. 1219.10.1109/MMUL.2015.16Google Scholar
Blomquist, Å. and Arvola, M. (2002), “Personas in action: ethnography in an interaction design team”, In Proceedings of the second Nordic conference on Human-computer interaction, ACM, pp. 197200.10.1145/572020.572044Google Scholar
Bruijn, H. and Janssen, M. (2017), “Building cybersecurity awareness: The need for evidence-based framing strategies”, Government Information Quarterly, Vol. 34, pp. 17. Scholar
Chang, Y. N., Lim, Y. K. and Stolterman, E. (2008), “Personas: from theory to practices”, In Proceedings of the 5th Nordic conference on Human-computer interaction: building bridges, ACM, pp. 439442.10.1145/1463160.1463214Google Scholar
Cooper, A. (1999), “The Inmates are Running the Asylum”, In: Arend, U., Eberleh, E., Pitschke, K. (eds) Software-Ergonomie ’99. Berichte des German Chapter of the ACM, Vol. 53. Vieweg+Teubner Verlag, Wiesbaden. Scholar
Faily, S. and Flechais, I. (2011), “Persona cases: a technique for grounding personas”, In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 22672270. ACM. Scholar
Friess, E. (2012), “Personas and decision making in the design process: an ethnographic case study”, In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 12091218.10.1145/2207676.2208572Google Scholar
Gubbi, J., Buyya, R., Marusic, S. and Palaniswami, M. (2013), “Internet of Things (IoT): A vision, architectural elements, and future directions”, Future generation computer systems, Vol. 29 No. 7, pp. 16451660. Scholar
Harknett, R.J. and Stever, J.A. (2011), “The new policy world of cybersecurity”, Public Administration Review, Vol. 71 No. 3, pp. 455460.10.1111/j.1540-6210.2011.02366.xGoogle Scholar
Johnston, J., Rodney, A. and Chong, P. (2014), “Making change in the kitchen? A study of celebrity cookbooks, culinary personas, and inequality”, Poetics, Vol. 47, pp. 122.10.1016/j.poetic.2014.10.001Google Scholar
Kim, E., Jensen, M.B., Poreh, D. and Agogino, A.M. (2018), “Novice designer's lack of awareness to cybersecurity and data vulnerability in new concept development of mobile sensing devices”, In DS92: Proceedings of the DESIGN 2018 15th International Design Conference, Dubrovnik, Croatia, pp. 20352044. Scholar
Kim, E., Kocsik, V.S., Basnage, C.E. and Agogino, A.M. (2013), “Human-centric study of digital-paper transitions: framing design opportunity spaces”, International Conference on Engineering Design (ICED13), The Design Society, Seoul, Korea, 19-22.08. 2013.Google Scholar
Marble, J., Lawless, W., Mittu, R., Coyne, J., Abramson, M. and Sibley, C. (2014), “The Human Factor in Cybersecurity: Robust & Intelligent Defense”, Cyber Warfare, Vol. 56, pp. 173206. Scholar
Massanari, A. (2010), “Designing for imaginary friends: information architecture, personas, and the politics of user-centered design”, New Media & Society, Vol. 12 No. 3, pp. 401416. Scholar
Miaskiewicz, T. and Kozar, K.A. (2011), “Personas and user-centered design: How can personas benefit product design processes?”, Design Studies, Vol. 32 No. 5, pp. 417430. Scholar
McCormac, A., Zwaans, T., Parsons, K., Calic, D., Butavicius, M. and Pattinson, M. (2017), “Individual differences and information security awareness”, Computers in Human Behavior, Vol. 69, pp. 151156.10.1016/j.chb.2016.11.065Google Scholar
McGinn, J.J. and Kotamraju, N. (2008), “Data-driven persona development”, Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 15211524. ACM. Scholar
McKenna, S., Staheli, D. and Meyer, M. (2015), “Unlocking user-centered design methods for building cyber security visualizations”, Visualization for Cyber Security (VizSec), 2015 IEEE Symposium on, pp. 18. IEEE. Scholar
Newhouse, W., Keith, S., Scribner, B. and Witte, G. (2017), “National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework”, NIST Special Publication, Vol. 800, p. 181.Google Scholar
Newman, L. H. (2018), The Worst Cybersecurity Breaches of 2018 So Far. [online] Available at: (accessed date November 25, 2018)Google Scholar
Pillemer, K.A. (2012), “30 lessons for living: tried and true advice from the wisest Americans”, Penguin.Google Scholar
Piyare, R. (2013), “Internet of Things: Ubiquitous home control and monitoring system using Android based smart phone”, International Journal of Internet of Things, Vol. 2 No. 1, pp. 511.Google Scholar
Pruitt, J. and Adlin, T. (2010), “The persona lifecycle: keeping people in mind throughout product design”, Elsevier.Google Scholar
Rosner, G. and Kenneally, E. (2018), Privacy and the Internet of Things: Emerging frameworks for policy and design, The Center for Long-term Cybersecurity (CLTC), Berkeley, CA, Scholar
Rosner, G. and Kenneally, E. (2017), Privacy and the Internet of Things, Center for Long-Term Cybersecurity, Berkeley, CA.Google Scholar
Siddall, E., Baibarac, C., Byrne, A., Byrne, N., Deasy, A., Flood, N., … and Wang, , Y. (2011), “Personas as a user-centred design tool for the built environment”, Proceedings of the Institution of Civil Engineers-Engineering Sustainability, Vol. 164 No. 1, March 2011, pp. 5969, Scholar
Singer, P.W. and Friedman, A. (2014), Cybersecurity: What everyone needs to know, Oxford University Press. Scholar
Stoll, J., McColgin, D., Gregory, M., Crow, V. and Edwards, W.K. (2008), “Adapting personas for use in security visualization design. In VizSEC 2007 (pp. 39-52). Springer, Berlin, Heidelberg.Google Scholar
Ten, C.W., Liu, C.C. and Manimaran, G. (2008), “Vulnerability Assessment of Cybersecurity for SCADA Systems”, IEEE Transactions on Power Systems, Vol. 23 No. 4, pp. 18361846. Scholar
Ten, C.W., Manimaran, G. and Liu, C.C. (2010), “Cybersecurity for critical infrastructures: Attack and defense modeling”, IEEE Transactions on Systems, Man, and Cybernetics-Part A: Systems and Humans, Vol. 40 No. 4, pp. 853865. Scholar