Affiliation:
1. College of Business, City University of Hong Kong, Kowloon, Hong Kong, China
Abstract
Information systems misuse and data breaches are among the most common information security threats at the organisational and individual levels. Security, Education, Training and Awareness (SETA) program can be effective tools in addressing and preventing such risks for sustaining the educational sector’s information security, although it is costly to implement and achieves limited results. Several studies have shown that SETA implementation can improve corporate employees’ information security protection behaviours. This study adopts the method of quantitative research, deterrence theory with selected perceived cost and information security awareness (ISA) as intermediate variables and explores how SETA programs affect information system abuse on campuses. The results show that implementing the SETA program positively impacts perceived cost and ISA; perceived cost and information security positively impact reducing misuse behaviour of information systems. At last, we provide rationalisation suggestions for individual students and schools to help SETA programs to be better implemented.
Subject
Management, Monitoring, Policy and Law,Renewable Energy, Sustainability and the Environment,Geography, Planning and Development,Building and Construction
Reference32 articles.
1. Wang, G., Tse, D., Cui, Y., and Jiang, H. (2022). An Exploratory Study on Sustaining Cyber Security Protection through SETA Implementation. Sustainability, 14.
2. User awareness of security countermeasures and its impact on information systems misuse: A deterrence approach;Hovav;Inf. Syst. Res.,2009
3. Stephanou, T., and Dagada, R. (2008). The Impact of Information Security Awareness Training on Information Security Behaviour: The Case for Further Research, ISSA.
4. Burns, A.J., Roberts, T.L., Posey, C., Bennett, R.J., and Courtney, J.F. (2015, January 5–8). Assessing the Role of Security Education, Training, and Awareness on Insiders’ Security-Related Behavior: An Expectancy Theory Approach. Proceedings of the 2015 48th Hawaii International Conference on System Sciences, Kauai, HI, USA.
5. McIlwraith, A. (2021). Information Security and Employee Behaviour: How to Reduce Risk through Employee Education, Training and Awareness, Routledge.