Abstract
Organisational information security policy contents are disseminated by awareness and training drives. Its success is usually judged based on immediate post-training self-reports which are usually subject to social desirability bias. Such self-reports are generally positive, but they cannot act as a proxy for actual subsequent behaviours.
This study aims to formulate and test a more comprehensive way of measuring the efficacy of these awareness and training drives, called ASTUTE. We commenced by delivering security training. We then assessed security awareness (post-training), and followed up by measuring actual behaviours. When we measured actual behaviours after a single delivery of security awareness training, the conversion from intention to behaviour was half of the desired 100%. We then proceeded to deliver the training again, another two times.
The repeated training significantly reduced the gap between self-reported intention and actual secure behaviours.
This study aims to formulate and test a more comprehensive way of measuring the efficacy of these awareness and training drives, called ASTUTE. We commenced by delivering security training. We then assessed security awareness (post-training), and followed up by measuring actual behaviours. When we measured actual behaviours after a single delivery of security awareness training, the conversion from intention to behaviour was half of the desired 100%. We then proceeded to deliver the training again, another two times.
The repeated training significantly reduced the gap between self-reported intention and actual secure behaviours.
| Original language | English |
|---|---|
| Title of host publication | 2019 Conference on Information Communications Technology and Society (ICTAS) |
| Publisher | IEEE |
| Pages | 106-111 |
| Number of pages | 6 |
| ISBN (Electronic) | 9781538673652 |
| ISBN (Print) | 9781538673669 |
| DOIs | |
| Publication status | Published - 2 May 2019 |
| Event | Information Communications Technology and Society Conference - Blue Waters Hotel, Marine Parade, Durban, South Africa Duration: 6 Mar 2019 → 7 Mar 2019 Conference number: 3rd http://www.ictas2019.com/ |
Conference
| Conference | Information Communications Technology and Society Conference |
|---|---|
| Abbreviated title | IEEE ICTAS |
| Country/Territory | South Africa |
| City | Durban |
| Period | 6/03/19 → 7/03/19 |
| Internet address |
Keywords
- Information security awareness
- Information security assessment
- Intention behaviour gap