Towards Designing A Method To Create Sticky Information Security Training For SMEs: Identifying Design Factors

Martin Brehmer, Antragama Ewa Abbas, Nageswaran Vaidyanathan

Publikation: Bidrag til bog/antologi/rapportKonferencebidrag i proceedingsForskningpeer review

Abstrakt

The risk of being impacted by a cyberattack is high, because of more professional attacks. Thereby, cyber criminals are bypassing technological countermeasures through tricking users. Recently collected data during the SARS-CoV-2 pandemic demonstrate, that cyberattacks including social engineering are among the main threats, especially for Small and Medium-sized Enterprises (SME). (Information) Security Education and Training Awareness (SETA) is proposed to be an effective countermeasure. However, the effects of SETA fade rapidly over time and learnings are not applied in practice sustainably. Thus, we state that a method is required to create SETA programs with sustainable learning outcomes for SME. To develop such a method, we follow the Design Science Research Methodology and share insights of our first design cycle in this article. We conducted a literature review and analyzed factors of failure and success regarding the design of sustainable SETA programs. Furthermore, we sketch our plans for design cycle 2.
OriginalsprogEngelsk
TitelProceedings of the 29th European Conference on Information Systems (ECIS)
Antal sider13
UdgivelsesstedAtlanta, GA
ForlagAssociation for Information Systems. AIS Electronic Library (AISeL)
Publikationsdato2021
Artikelnummer1473
StatusUdgivet - 2021
BegivenhedThe 29th European Conference on Information Systems (ECIS) 2021: Human Values Crisis in a Digitizing World - Virtual Conference, Marrackech, Marokko
Varighed: 14 jun. 202114 jun. 2021
Konferencens nummer: 29
https://www.ecis2021.com/

Konference

KonferenceThe 29th European Conference on Information Systems (ECIS) 2021
Nummer29
LokationVirtual Conference
Land/OmrådeMarokko
ByMarrackech
Periode14/06/202114/06/2021
Internetadresse
NavnProceedings of the European Conference on Information Systems
ISSN0000-0034

Emneord

  • Information security
  • Training
  • Education
  • Awareness
  • SETA
  • DSR
  • SME

Citationsformater