Start Date
12-17-2013
Description
Organizations often implement Security Education, Training, and Awareness (SETA) programs to help improve secure behavior. SETA programs can be multifaceted; however, organizations often take a “one-size-fits-all” approach to improve security, without understanding how different SETA components influence behavior. In this research, we explain how two common SETA program components—online training and reminders—influence behavior through discrete theoretical mechanisms. First, we hypothesize that online training influences behavior through improving beliefs and intentions. However, because of dual-task interference, the relationship between beliefs and intentions may be hindered. We then explain how just-in-time reminders can help overcome dual-task interference and influence behavior directly. We test our hypotheses in a realistic experiment that operationalizes secure behavior as sensitive information disclosure. Our results confirm that training influences beliefs and intentions, and reminders influence behavior directly. Theoretical and practical implications are discussed regarding the use of multi-faceted SETA programs to improve actual secure behavior.
Recommended Citation
Jenkins, Jeffrey and Durcikova, Alexandra, "What, I Shouldn’t Have Done That? : The Influence of Training and Just-in-Time Reminders on Secure Behavior" (2013). ICIS 2013 Proceedings. 7.
https://aisel.aisnet.org/icis2013/proceedings/SecurityOfIS/7
What, I Shouldn’t Have Done That? : The Influence of Training and Just-in-Time Reminders on Secure Behavior
Organizations often implement Security Education, Training, and Awareness (SETA) programs to help improve secure behavior. SETA programs can be multifaceted; however, organizations often take a “one-size-fits-all” approach to improve security, without understanding how different SETA components influence behavior. In this research, we explain how two common SETA program components—online training and reminders—influence behavior through discrete theoretical mechanisms. First, we hypothesize that online training influences behavior through improving beliefs and intentions. However, because of dual-task interference, the relationship between beliefs and intentions may be hindered. We then explain how just-in-time reminders can help overcome dual-task interference and influence behavior directly. We test our hypotheses in a realistic experiment that operationalizes secure behavior as sensitive information disclosure. Our results confirm that training influences beliefs and intentions, and reminders influence behavior directly. Theoretical and practical implications are discussed regarding the use of multi-faceted SETA programs to improve actual secure behavior.