Security Education, Training, and Awareness: Incorporating a Social Marketing Approach for Behavioural Change

  • Conference paper
Information and Cyber Security (ISSA 2020)

Abstract

Effective information security education, training, and awareness (SETA) is essential for protecting organisational information resources. Although many organisations invest significantly in SETA, incidents resulting from employee noncompliance are still increasing. We argue that this may indicate that current SETA programs are sub-optimal in improving security compliance behaviour among employees, as they lack sufficient grounding in theory. This study proposes a new process for SETA development based on the social marketing approach. The proposed process involves selecting specific behaviour, developing a deeper understanding of the target audience, and using theory-informed intervention strategies for changing behaviour. The SETA development process provides a sound basis for future empirical work that will include focus groups and action research.

Author information

Corresponding author

Correspondence to Sean B. Maynard.

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Cite this paper

Alshaikh, M., Maynard, S.B., Ahmad, A. (2020). Security Education, Training, and Awareness: Incorporating a Social Marketing Approach for Behavioural Change. In: Venter, H., Loock, M., Coetzee, M., Eloff, M., Eloff, J., Botha, R. (eds) Information and Cyber Security. ISSA 2020. Communications in Computer and Information Science, vol 1339. Springer, Cham. https://doi.org/10.1007/978-3-030-66039-0_6

  • DOI: https://doi.org/10.1007/978-3-030-66039-0_6

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-66038-3

  • Online ISBN: 978-3-030-66039-0

  • eBook Packages: Computer Science, Computer Science (R0)
