The increasing number of security incidents is causing great concern to organizations. Information

security awareness programs are an important approach towards educating users to prevent such

incidents. However, it is unclear how to effectively design security programs and messages such that

they can inform and change user behaviour. The role of individual factors in influencing the

processing of security messages is also unclear. This paper attempts to investigate these problems by

studying the effects of security message characteristics and recipient factors on users’ attitude

towards security, using the information-processing theory of elaboration likelihood. Two models are

developed for this study. The first model studies two message characteristics, argument quantity and

quality, as determinants of attitude towards security. A 2x2 factorial design experiment will be

conducted to investigate the influence of these characteristics on attitude moderated by the

elaboration likelihood towards the security message. The second model tests the effect of four

recipient factors on elaboration likelihood. The model development, experimental methodology, and

data analysis details are described in this research-in-progress paper. The results are expected to

inform the design of effective security messages and contribute to research in this area.