Towards Personalized User Training for Secure Use of Information Systems

Abstract

Information Systems (IS) represent an integral part of our lives, both in the organizational and personal sphere. To use them securely, users must be properly trained. The main problem is that most training processes still use the one-size-fits-all approach where users receive the same kind of learning material. In addition, personalized training may be a more suitable approach however a comprehensive process for IS user profiling and personalized IS user training improvement has not been introduced yet. This paper proposes a novel approach for personalized user training for secure use of IS to fill in this gap. The proposed approach focuses on three key dimensions (i.e., the personalization process, selection of training tools and materials, and participants) and is composed of five phases covering the identification of key IS security elements, IS user profiling and personalization of IS security training. It is scalable to all company sizes and aims to lower both the IS training costs and optimization of outcomes. As a side-effect, it also helps to lower user resistance to participation in IS security training.