Defining a “generic” end-user: An information security perspective

“If you know the enemy and know yourself, you need not fear the results of a hundreds battles” Sun Tzu - Art of War. Security educators should start by knowing the target audience first; and then only should they create and prepare an information-security educational program. Unfortunately, information-security educational programs are often implemented without getting to know the target audience first. This results in programs that are not linguistically appropriate; or else they are not on the same knowledge level as that of the target audience. This could leave end-users bored or confused - without successfully changing the behaviour and knowledge of these end-users. This paper examines the role(s) of information-security end-users, in order to provide a profile of the “generic” end-user.