Forget the Fluff: Examining How Media Richness Influences the Impact of Information Security Training on Secure Behavior

  title={Forget the Fluff: Examining How Media Richness Influences the Impact of Information Security Training on Secure Behavior},
  author={Jeffrey L. Jenkins and Alexandra Durcikova and Mary B. Burns},
  journal={2012 45th Hawaii International Conference on System Sciences},
User-initiated security breaches are common and can be very costly to organizations. Information security training can be used as an effective tool to improve users' secure behavior and thus alleviate security breaches. Via the lens of learning, media richness, and cognitive load theories, this research examines how to improve the effectiveness of security training. We conduct a realistic laboratory experiment to examine the influence of training with different degrees of media richness on… 

Figures and Tables from this paper

The Misunderstood Link : Information Security Training Strategy Emergent Research Forum ( ERF )

The model is of interest to investigate if using a training design that includes goals/inputs matching tools and users, a training process matching inputs to methods, and knowledge transfer outcomes emphasizing affective and meta cognitive learning, has a positive impact on secure behavior when using IS.

What, I Shouldn't Have Done That? : The Influence of Training and Just-in-Time Reminders on Secure Behavior

This research explains how two common SETA program components—online training and reminders—influence behavior through discrete theoretical mechanisms and tests how just-in-time reminders can help overcome dual-task interference and influence behavior directly.

Improving Compliance with Password Guidelines: How User Perceptions of Passwords and Security Threats Affect Compliance with Guidelines

This study suggests effective ways that trainers or employers can improve compliance with password guidelines and suggests training programs should aim to enhance IS security coping appraisal.

Security Education, Training, and Awareness Programs: Literature Review

It is argued that a comprehensive literature review regarding SETA is vital for holistically investigating the findings of previous SETA research and unveiling the characteristics and factors that influence the effectiveness of SETA.

A protection motivation theory approach to improving compliance with password guidelines

This research found mnemonic password training to have some long-term effects on users’ ability to remember passwords, which is arguably one of the most vexing challenges associated with passwords.

Choose your own training adventure: designing a gamified SETA artefact for improving information security and privacy through interactive storytelling

A gamified, “choose your own adventure” style security education, training, and awareness artefact using two formats: text and visual that was designed to identify the security threats that trainees are most susceptible to, debrief them about the threat and its potential consequences, and facilitate behaviour change by letting trainees re-evaluate their decisions.

When Training Gets Trumped: How dual-Task interference inhibits Security Training

This work explains how dual-task interference (DTI) is a primary cause of security training disregard, and hypothesizes how prompting users to perform security behaviors during high-DTI times may derail one’s previous security training, resulting in less secure behaviors.

Information security awareness and behavior: a theory-based literature review

Purpose – This paper aims to provide an overview of theories used in the field of employees’ information systems (IS) security behavior over the past decade. Research gaps and implications for future

Subjective Norm and Measuring Its Impact on Information Security Behavioral Intention in Organizations.

This study reviews various research on subjective norm and information security to obtain the most commonly used description for subjective norm in the area of information security and presents a conceptual model for operationalizing the obtained subjective norm measures and enhancing information security in organizations.

Exploratory Factor Analysis of UserâÂÂs Compliance Behaviour towards Health Information SystemâÂÂs Security

The preliminary study facilitates researcher in developing new model that integrates TPB and TAM that can be used to increase knowledge of user’s compliance behaviour towards health information system's security.



Encouraging Users to Behave Securely: Examining the Influence of Technical, Managerial, and Educational Controls on Users' Secure Behavior

This research presents a dual-processing model explaining and predicting secure behavior in relation to password policies that posits that the number of password security layers, training, and manager attitude toward secure behavior (managerial controls) influence secure behavior directly and also indirectly through security policy satisfaction.

Get a Cue on IS Security Training: Explaining the Difference between how Security Cues and Security Arguments Improve Secure Behavior

This paper hypothesizes the different theoretical mechanisms through which security arguments and security cues influence secure behavior and when they are more effective in influencing secure behavior than security arguments.

Studying users' computer security behavior: A health belief perspective

User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence Approach

An extended deterrence theory model is presented that combines work from criminology, social psychology, and information systems and suggests that user awareness of security countermeasures directly influences the perceived certainty and severity of organizational sanctions associated with IS misuse, which leads to reduced IS misuse intention.

Users are not the enemy

It is argued that to change this state of affairs, security departments need to communicate more with users, and adopt a usercentered design approach.

Improving Employees' Compliance Through Information Systems Security Training: An Action Research Study

This study proposes a training program based on two theories: the universal constructive instructional theory and the elaboration likelihood model and validate the training program for IS security policy compliance training through an action research project.

The Centrality of Awareness in the Formation of User Behavioral Intention toward Protective Information Technologies

It is found that awareness of the threats posed by negative technologies is a strong predictor of user behavioral intention toward the use of protective technologies and the influence of subjective norm on individual behavioral intention is weaker among basic technology users but stronger among advanced technology users.

If someone is watching, I'll do what I'm asked: mandatoriness, control, and information security

A model to explain individual information security precaution-taking behavior is built and it is found that the acts of specifying policies and evaluating behaviors are effective in convincing individuals that security policies are mandatory.