Tailored interventions for information security awareness

Background

In information security, it is good practice to use a layered approach. Each additional layer is an extra hurdle an offender has to overcome to be successful. These layers could be a well-configured firewall, secure software, proper encryption and staff who behave securely. The last of these is often addressed by providing staff with e-learning and awareness programs regarding information security practices within the organisation. These programs typically take a one-size-fits-all approach, where all staff receive the same content. Since people differ in many respects, it would be naïve to consider staff as homogeneous.

To obtain insight into the beliefs of staff regarding information security, we have developed an information security awareness survey based on the Health Belief Model (HBM). For each of the HBM constructs, the survey targets different specific areas within the information security domain (e.g. clean desk, email phishing or work from home). The results per domain and construct will be used to build an awareness program that best fits the respondent.

The idea is to design a series of training materials that target specific elements of the HBM for one particular information security domain. By doing this, the respondent receives a tailored awareness program that best fits their needs. This project focuses on the design, development and evaluation of these interventions.

It is part of an ongoing joint research project by the LISA-Demand Supply Management department and the Industrial Engineering Business Information Systems research group.

Keywords:

Interventions; Security Awareness; Health Belief Model; Personalized; Cybersecurity

Literature

Bullee, J. H., & Junger, M. (2020). How effective are social engineering interventions? A meta-analysis. Information & Computer Security, 28(5), 801–830. doi:10.1108/ics-07-2019-0078

Carpenter, C. J. (2010). A Meta-Analysis of the Effectiveness of Health Belief Model Variables in Predicting Behavior. Health Communication, 25(8), 661–669. doi:10.1080/10410236.2010.521906

Geil, A., Sagers, G., Spaulding, A. D., & Wolf, J. R. (2018). Cyber security on the farm: an assessment of cyber security practices in the United States agriculture industry. International Food and Agribusiness Management Review, 21(3), 317–334. doi:10.22434/ifamr2017.0045

Information

Please contact Jan-Willem Bullee (j.h.bullee@utwente.nl) if you are interested in this project.