Keywords

security education training and awareness programs, reminders, IS security, dual-task interference, Theory of Planned Behavior

Abstract

Organizations often implement Security Education, Training, and Awareness (SETA) programs to help improve secure behavior. SETA programs can be multifaceted; however, organizations often take a “one-size-fits-all” approach to improve security, without understanding how different SETA components influence behavior. In this research, we explain how two common SETA program components—online training and reminders—influence behavior through discrete theoretical mechanisms. First, we hypothesize that online training influences behavior through improving beliefs and intentions. However, because of dual-task interference, the relationship between beliefs and intentions may be hindered. We then explain how just-in-time reminders can help overcome dual-task interference and influence behavior directly. We test our hypotheses in a realistic experiment that operationalizes secure behavior as sensitive information disclosure. Our results confirm that training influences beliefs and intentions, and reminders influence behavior directly. Theoretical and practical implications are discussed regarding the use of multi-faceted SETA programs to improve actual secure behavior.

Original Publication Citation

Jenkins, J. L., Durcikova, A. (2013) “What, I Shouldn’t Have Done That?: The Influence of Training and Just-in-Time Reminders on Secure Behavior” International Conference on Information Systems, Milan, Italy, December 15-18.

Document Type

Conference Paper

Publication Date

2013

Publisher

International Conference on Information Systems

Language

English

College

Marriott School of Business

Department

Information Systems Management

University Standing at Time of Publication

Full Professor

Share

COinS