Do SETA Interventions Change Security Behavior? : A Literature Review




Nwachukwu Uchechukwu Justin, Vidgren Jiri, Niemimaa Marko Ilmari, Järveläinen Jonna

Hawaii International Conference on System Sciences

University of Hawaii

2023

Proceedings of the Annual Hawaii International Conference on System Sciences

Proceedings of the 56th Hawaii International Conference on System Sciences

978-0-9981331-6-4

1530-1605

2572-6862

https://hdl.handle.net/10125/103396

https://research.utu.fi/converis/portal/detail/Publication/178091834



Information security education, training, and awareness (SETA) are approaches to changing end-users’ security behavior. Research into SETA has conducted interventions to study the effects of SETA on security behavior. However, we lack aggregated knowledge on ‘how do SETA interventions influence security behavior?’. In this study, we review 21 empirical SETA intervention studies published across the field’s top journals. The theoretical findings show that the research has extended Protection Motivation Theory by (1) enhancements to fear appeals; (2) drawing attention to relevance; (3) incorporating temporality; and (4) shifting from intentions to behavior. In terms of behavior, the SETA interventions have targeted (1) information security policy compliance behavior; and (2) information protection behavior. We argue that while these studies have provided insights into security intentions and behavior, knowledge on designing effective SETA training has remained primarily anecdotal. We contribute (1) by pointing out gaps in the knowledge; and (2) by proposing tentative design recommendations.


Last updated on 2024-26-11 at 17:05