Start Date

12-17-2013

Description

Organizations often implement Security Education, Training, and Awareness (SETA) programs to help improve secure behavior. SETA programs can be multifaceted; however, organizations often take a “one-size-fits-all” approach to improve security, without understanding how different SETA components influence behavior. In this research, we explain how two common SETA program components—online training and reminders—influence behavior through discrete theoretical mechanisms. First, we hypothesize that online training influences behavior through improving beliefs and intentions. However, because of dual-task interference, the relationship between beliefs and intentions may be hindered. We then explain how just-in-time reminders can help overcome dual-task interference and influence behavior directly. We test our hypotheses in a realistic experiment that operationalizes secure behavior as sensitive information disclosure. Our results confirm that training influences beliefs and intentions, and reminders influence behavior directly. Theoretical and practical implications are discussed regarding the use of multi-faceted SETA programs to improve actual secure behavior.

Share

COinS
 
Dec 17th, 12:00 AM

What, I Shouldn’t Have Done That? : The Influence of Training and Just-in-Time Reminders on Secure Behavior

Organizations often implement Security Education, Training, and Awareness (SETA) programs to help improve secure behavior. SETA programs can be multifaceted; however, organizations often take a “one-size-fits-all” approach to improve security, without understanding how different SETA components influence behavior. In this research, we explain how two common SETA program components—online training and reminders—influence behavior through discrete theoretical mechanisms. First, we hypothesize that online training influences behavior through improving beliefs and intentions. However, because of dual-task interference, the relationship between beliefs and intentions may be hindered. We then explain how just-in-time reminders can help overcome dual-task interference and influence behavior directly. We test our hypotheses in a realistic experiment that operationalizes secure behavior as sensitive information disclosure. Our results confirm that training influences beliefs and intentions, and reminders influence behavior directly. Theoretical and practical implications are discussed regarding the use of multi-faceted SETA programs to improve actual secure behavior.