Paper Number



Since the late 1990s, security education training and awareness (SETA) programs have become commonplace. Despite extensive research into the effective design of such programs and factors influencing compliance behavior, SETA programs tend not to be as effective as they should be. In order to tailor learning content as closely as possible to individual needs, vocational education relies on the modeling and measurement of competencies. We argue that this existing knowledge can be transferred to the information security domain. Therefore, we introduce a competence model from vocational education and consider it in the context of the information security domain. Subsequently, we conduct a structured literature review on conceptualization and effective SETA design and investigate to what extent the competence dimensions from vocational education are already considered in the SETA literature. Our results indicate that competence research can make an important contribution to adapting SETA programs to individual situational actions.



When commenting on articles, please be friendly, welcoming, respectful and abide by the AIS eLibrary Discussion Thread Code of Conduct posted here.