Preventing IT security incidents poses a great challenge for organizations. Today, senior managers allocate more resources to IT security programs (especially those programs that focus on educating and training employees) in order to reduce human misbehavior—a significant cause of IT security incidents. Building on the results of a literature review, we identify factors that affect the success of security education, training, and awareness (SETA) programs and organize them in a conceptual classification. The classification contains human influencing factors derived from different behavioral, decision making, and criminology theories that lead to IT security compliance and noncompliance. The classification comprehensively summarizes these factors and shows the correlations between them. The classification can help one to design and develop SETA programs and to establish suitable conditions for integrating them into organizations.
Kirova, Denitsa and Baumoel, Ulrike
"Factors that Affect the Success of Security Education, Training, and Awareness Programs: A Literature Review,"
Journal of Information Technology Theory and Application (JITTA): Vol. 19
, Article 4.
Available at: https://aisel.aisnet.org/jitta/vol19/iss4/4