Deliver security awareness training, then repeat: {deliver; measure efficacy}

Tapiwa Gundu, Stephen Flowerday, Karen Renaud

Research output: Chapter in Book/Report/Conference proceedingConference contribution

1 Citation (Scopus)
190 Downloads (Pure)

Abstract

Organisational information security policy contents are disseminated by awareness and training drives. Its success is usually judged based on immediate post-training self-reports which are usually subject to social desirability bias. Such self-reports are generally positive, but they cannot act as a proxy for actual subsequent behaviours.

This study aims to formulate and test a more comprehensive way of measuring the efficacy of these awareness and training drives, called ASTUTE. We commenced by delivering security training. We then assessed security awareness (post-training), and followed up by measuring actual behaviours. When we measured actual behaviours after a single delivery of security awareness training, the conversion from intention to behaviour was half of the desired 100%. We then proceeded to deliver the training again, another two times.

The repeated training significantly reduced the gap between self-reported intention and actual secure behaviours.
Original languageEnglish
Title of host publication2019 Conference on Information Communications Technology and Society (ICTAS)
PublisherIEEE
Pages106-111
Number of pages6
ISBN (Electronic)9781538673652
ISBN (Print)9781538673669
DOIs
Publication statusPublished - 2 May 2019
EventInformation Communications Technology and Society Conference - Blue Waters Hotel, Marine Parade, Durban, South Africa
Duration: 6 Mar 20197 Mar 2019
Conference number: 3rd
http://www.ictas2019.com/

Conference

ConferenceInformation Communications Technology and Society Conference
Abbreviated titleIEEE ICTAS
CountrySouth Africa
CityDurban
Period6/03/197/03/19
Internet address

Fingerprint Dive into the research topics of 'Deliver security awareness training, then repeat: {deliver; measure efficacy}'. Together they form a unique fingerprint.

  • Cite this

    Gundu, T., Flowerday, S., & Renaud, K. (2019). Deliver security awareness training, then repeat: {deliver; measure efficacy}. In 2019 Conference on Information Communications Technology and Society (ICTAS) (pp. 106-111). IEEE . https://doi.org/10.1109/ICTAS.2019.8703523