Assessment of the Impact of Information Security Awareness Training Methods on Knowledge, Attitude, and Behavior

Abstract

Read online

Technology is changing the way we work more than ever before. Therefore, it is critical to understand the security threats associated with these advanced tools to protect systems and data. Security is a combination of people, processes, and technology. Thus, to effectively counter cyber-threats, information security awareness (ISA) programs are an essential cornerstone of enterprise security. There are many ways in which information security knowledge can be delivered. In this paper, we have conducted an experiment to test the impact of multiple intervention strategies on knowledge, attitude, and behavior. The HAIS-Q was used to evaluate the effectiveness of training methods on the employees. Our study suggests that all methods raise knowledge equivalently. However, having more than one delivery method to convey the same message has a greater impact on users’ attitudes. When it comes to behavioral change, however, text-based and game-based training formats performed better than their counterparts. Additionally, employees’ tendency to engage in self-education activities and participate in future awareness programs was influenced by the intervention strategy. These findings have important implications, as ISA programs should be designed in a way that positively influences the mindset of employees and motivates them to embrace security practices in their daily activities.

Keywords

• Information security awareness
• security training
• security management
• cybersecurity
• cybersecurity assessment