Matching training to individual learning styles improves information security awareness. (11th November 2019)
- Record Type:
- Journal Article
- Title:
- Matching training to individual learning styles improves information security awareness. (11th November 2019)
- Main Title:
- Matching training to individual learning styles improves information security awareness
- Authors:
- Pattinson, Malcolm
Butavicius, Marcus
Lillie, Meredith
Ciccarello, Beau
Parsons, Kathryn
Calic, Dragana
McCormac, Agata - Abstract:
- Abstract : Purpose: This paper aims to introduce the concept of a framework of cyber-security controls that are adaptable to different types of organisations and different types of employees. One of these adaptive controls, namely, the mode of training provided, is then empirically tested for its effectiveness. Design/methodology/approach: In total, 1, 048 working Australian adults completed the human aspects of the information security questionnaire (HAIS-Q) to determine their individual information security awareness (ISA). This included questions relating to the various modes of cyber-security training they had received and how often it was provided. Also, a set of questions called the cyber-security learning-styles inventory was used to identify their preferred learning styles for training. Findings: The extent to which the training that an individual received matched their learning preferences was positively associated with their information security awareness (ISA) level. However, the frequency of such training did not directly predict ISA levels. Research limitations/implications: Further research should examine the influence of matching cyber-security learning styles to training packages more directly by conducting a controlled trial where the training packages provided differ only in the mode of learning. Further research should also investigate how individual tailoring of aspects of an adaptive control framework (ACF), other than training, may improve ISA.Abstract : Purpose: This paper aims to introduce the concept of a framework of cyber-security controls that are adaptable to different types of organisations and different types of employees. One of these adaptive controls, namely, the mode of training provided, is then empirically tested for its effectiveness. Design/methodology/approach: In total, 1, 048 working Australian adults completed the human aspects of the information security questionnaire (HAIS-Q) to determine their individual information security awareness (ISA). This included questions relating to the various modes of cyber-security training they had received and how often it was provided. Also, a set of questions called the cyber-security learning-styles inventory was used to identify their preferred learning styles for training. Findings: The extent to which the training that an individual received matched their learning preferences was positively associated with their information security awareness (ISA) level. However, the frequency of such training did not directly predict ISA levels. Research limitations/implications: Further research should examine the influence of matching cyber-security learning styles to training packages more directly by conducting a controlled trial where the training packages provided differ only in the mode of learning. Further research should also investigate how individual tailoring of aspects of an adaptive control framework (ACF), other than training, may improve ISA. Practical implications: If cyber-security training is adapted to the preferred learning styles of individuals, their level of ISA will improve, and therefore, their non-malicious behaviour, whilst using a digital device to do their work, will be safer. Originality/value: A review of the literature confirmed that ACFs for cyber-security does exist, but only in terms of hardware and software controls. There is no evidence of any literature on frameworks that include controls that are adaptable to human factors within the context of information security. In addition, this is the first study to show that ISA is improved when cyber-security training is provided in line with an individual's preferred learning style. Similar improvement was not evident when the training frequency was increased suggesting real-world improvements in ISA may be possible without increasing training budgets but by simply matching individuals to their desired mode of training. … (more)
- Is Part Of:
- Information and computer security. Volume 28:Number 1(2020)
- Journal:
- Information and computer security
- Issue:
- Volume 28:Number 1(2020)
- Issue Display:
- Volume 28, Issue 1 (2020)
- Year:
- 2020
- Volume:
- 28
- Issue:
- 1
- Issue Sort Value:
- 2020-0028-0001-0000
- Page Start:
- 1
- Page End:
- 14
- Publication Date:
- 2019-11-11
- Subjects:
- Information security -- Learning styles -- Information security awareness (ISA) -- Adaptive control framework (ACF) -- Human aspects of cyber-security (HACS) -- Human aspects of information security questionnaire (HAIS-Q)
Computer security -- Management -- Periodicals
Computer networks -- Security measures -- Periodicals
Data protection -- Management -- Periodicals
658.47 - Journal URLs:
- http://www.emeraldinsight.com/loi/ics ↗
http://www.emeraldinsight.com/ ↗ - DOI:
- 10.1108/ICS-01-2019-0022 ↗
- Languages:
- English
- ISSNs:
- 2056-4961
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - 4481.796000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store - Ingest File:
- 13108.xml