Keywords

security training, dual-task interference (DTI), interruptions, user security behavior, security prompt timing

Abstract

Security training programs are an important intervention to protect users and organizations against security threats. Unfortunately, users often ignore their training and engage in poor security behaviors. We explain how dual-task interference (DTI) is a primary cause of security training disregard. DTI is a cognitive limitation wherein humans cannot perform more than one task simultaneously without experiencing a deterioration of performance. In our context, we hypothesize how prompting users to perform security behaviors during high-DTI times may derail one’s previous security training, resulting in less secure behaviors.

We test our hypotheses in an experiment that compares users’ adherence to security training during low-DTI and high-DTI times in a realistic context. We found that performing security behaviors during low-DTI times increased adherence to prior security training by 31% compared to performing behaviors during high-DTI times. The results have implications for using DTI as a theoretical framework for understanding security behaviors, prompting users to perform security behaviors during times that will maximize adherence to past security training, and considering humans’ neurological limitations when designing security training and intervention programs.

Original Publication Citation

Jenkins, J., Anderson, B., Vance, A., Jensen, S., "When Training Gets Trumped: How Dual-Task Interference Inhibits Security Training," European Conference on Information Systems (ECIS), Istanbul, Turkey, June 2016. In Conference Proceedings.

Document Type

Conference Paper

Publication Date

2016

Publisher

European Conference on Information Systems

Language

English

College

Marriott School of Business

Department

Information Systems Management

University Standing at Time of Publication

Full Professor

Download

Share

COinS