Abstract
PurposeSecurity education, training and awareness (SETA) programs are the key to addressing “people problems” in information systems (IS) security. Contrary to studies using conventional methods, the present study leveraged an “event” lens and dimensionalized employees' perceptions into three sub-dimensions: perceived novelty, perceived disruption and perceived criticality. Moreover, this research went a step further by examining how pedagogical and communication approaches to a SETA program affect employees' perceptions of the program. This study then investigated whether – and if so, how – these approaches impact employees' perceptions of the SETA program and their subsequent commitment to it.Design/methodology/approachUtilizing a factorial-based scenario survey, this study empirically tested a model of the above relationships via covariance-based structural equation modeling.FindingsThe results of this research showed that pedagogical approaches were more effective than communication approaches and that employees' perceptions of the SETA program accounted for a large variance in their commitment to SETA.Originality/valueFirst, this research deepens understanding of the protection of information assets by elaborating on the different approaches that organizations can take to encourage employees' commitment to SETA. Second, the study enriches the SETA literature by theorizing a SETA program as an organizational “event”, which represents a major shift from the conventional approach. Third, the study adds to the theoretical knowledge of the event lens by extending it to the SETA context and investigating the relationship among three event strength components.
Subject
Economics and Econometrics,Sociology and Political Science,Communication
Reference111 articles.
1. User preference of cyber security awareness delivery methods;Behaviour and Information Technology,2014
2. Computer-mediated collaborative learning: an empirical evaluation;MIS Quarterly,1994
3. Reluctant to change: self-enhancing responses to diverging performance measures;Organizational Behavior and Human Decision Processes,2007
4. Why so serious? Gamification impact in the acceptance of mobile banking services;Internet Research,2017
5. Don't even think about it! The effects of antineutralization, informational, and normative communication on information security compliance;Journal of the Association for Information Systems,2018