Deliver security awareness training, then repeat

Gundu, Tapiwa and Flowerday, Stephen and Renaud, Karen; (2019) Deliver security awareness training, then repeat. In: 2019 Conference on Information Communications Technology and Society (ICTAS). IEEE, ZAF, pp. 106-111. ISBN 9781538673652 (https://doi.org/10.1109/ICTAS.2019.8703523)

[thumbnail of Gundu-etal-IEEE-ICTAS2019-Deliver-security-awareness-training-then-repeat]
Preview
 Text. Filename: Gundu_etal_IEEE_ICTAS2019_Deliver_security_awareness_training_then_repeat.pdf
Accepted Author Manuscript
Download (1MB)| Preview

Abstract

Organisational information security policy contents are disseminated by awareness and training drives. Its success is usually judged based on immediate post-training self-reports which are usually subject to social desirability bias. Such self-reports are generally positive, but they cannot act as a proxy for actual subsequent behaviours.This study aims to formulate and test a more comprehensive way of measuring the efficacy of these awareness and training drives, called ASTUTE. We commenced by delivering security training. We then assessed security awareness (post-training), and followed up by measuring actual behaviours. When we measured actual behaviours after a single delivery of security awareness training, the conversion from intention to behaviour was half of the desired 100%. We then proceeded to deliver the training again, another two times.The repeated training significantly reduced the gap between self-reported intention and actual secure behaviours.

ORCID iDs

Gundu, Tapiwa, Flowerday, Stephen and Renaud, Karen ORCID logoORCID: https://orcid.org/0000-0002-7187-6531;
  • Item type:Book Section
    ID code:75566
    Dates:
    Date
    Event
    2 May 2019
    Published
    8 March 2019
    Published Online
    25 November 2018
    Accepted
    Notes:© 2021 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting /republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
    Subjects:Science > Mathematics > Electronic computers. Computer science
    Department:Faculty of Science > Computer and Information Sciences
    Depositing user: Pure Administrator
    Date deposited:25 Feb 2021 14:06
    Last modified:11 Nov 2024 15:24
    Related URLs:
    URI:https://strathprints.strath.ac.uk/id/eprint/75566
CORE (COnnecting REpositories)