Abstract

Effective information security education, training and awareness (SETA) is essential for protecting organisational information resources. Whilst most organisations invest significantly in implementing SETA programs, the number of incidents resulting from employee noncompliance with security policy are increasing. This trend may indicate that many current SETA programs are not as effective as they should be. We argue that existing SETA programs are not optimal in changing employee behaviour to comply with security policy as they lack a theoretical base that can inform and guide the development of SETA programs. This study draws on knowledge from the medical domain on the use of theory to design an intervention to bring about sustainable behaviour change. The paper therefore adopts an intervention design process, based on the behaviour change wheel (BCW) framework, to develop a theory-informed SETA development process. The paper demonstrates the use of BCW in the analysis of the target behaviour and the selection of suitable strategies and techniques to change the target behaviour. The proposed SETA development process provides a sound basis for future empirical work including focus groups and action research.

Share

COinS