Towards Designing A Method To Create Sticky Information Security Training For SMEs: Identifying Design Factors

Martin Brehmer; Antragama Ewa Abbas; Nageswaran Vaidyanathan

Towards Designing A Method To Create Sticky Information Security Training For SMEs: Identifying Design Factors

Martin Brehmer, Antragama Ewa Abbas, Nageswaran Vaidyanathan

Department of Digitalization

Research output: Chapter in Book/Report/Conference proceeding › Article in proceedings › Research › peer-review

Abstract

The risk of being impacted by a cyberattack is high, because of more professional attacks. Thereby, cyber criminals are bypassing technological countermeasures through tricking users. Recently collected data during the SARS-CoV-2 pandemic demonstrate, that cyberattacks including social engineering are among the main threats, especially for Small and Medium-sized Enterprises (SME). (Information) Security Education and Training Awareness (SETA) is proposed to be an effective countermeasure. However, the effects of SETA fade rapidly over time and learnings are not applied in practice sustainably. Thus, we state that a method is required to create SETA programs with sustainable learning outcomes for SME. To develop such a method, we follow the Design Science Research Methodology and share insights of our first design cycle in this article. We conducted a literature review and analyzed factors of failure and success regarding the design of sustainable SETA programs. Furthermore, we sketch our plans for design cycle 2.

Original language	English
Title of host publication	Proceedings of the 29th European Conference on Information Systems (ECIS)
Number of pages	13
Place of Publication	Atlanta, GA
Publisher	Association for Information Systems. AIS Electronic Library (AISeL)
Publication date	2021
Article number	1473
Publication status	Published - 2021
Event	The 29th European Conference on Information Systems (ECIS) 2021: Human Values Crisis in a Digitizing World - Virtual Conference, Marrackech, Morocco Duration: 14 Jun 2021 → 14 Jun 2021 Conference number: 29 https://www.ecis2021.com/

Conference

Conference	The 29th European Conference on Information Systems (ECIS) 2021
Number	29
Location	Virtual Conference
Country/Territory	Morocco
City	Marrackech
Period	14/06/2021 → 14/06/2021
Internet address	https://www.ecis2021.com/

Series	Proceedings of the European Conference on Information Systems
ISSN	0000-0034

Keywords

Information security
Training
Education
Awareness
SETA
DSR
SME

Access to Document

http://aisel.aisnet.org/cgi/viewcontent.cgi?article=1027&context=ecis2021_ripLicence: Unspecified

Handle.net

Persistent link

Cite this

Brehmer, M., Abbas, A. E., & Vaidyanathan, N. (2021). Towards Designing A Method To Create Sticky Information Security Training For SMEs: Identifying Design Factors. In Proceedings of the 29th European Conference on Information Systems (ECIS) Article 1473 Association for Information Systems. AIS Electronic Library (AISeL). http://aisel.aisnet.org/cgi/viewcontent.cgi?article=1027&context=ecis2021_rip

Brehmer, Martin ; Abbas, Antragama Ewa ; Vaidyanathan, Nageswaran. / Towards Designing A Method To Create Sticky Information Security Training For SMEs : Identifying Design Factors. Proceedings of the 29th European Conference on Information Systems (ECIS). Atlanta, GA : Association for Information Systems. AIS Electronic Library (AISeL), 2021. (Proceedings of the European Conference on Information Systems).

@inproceedings{c8e8c378aa9449dfbee687fbf787a1f6,

title = "Towards Designing A Method To Create Sticky Information Security Training For SMEs: Identifying Design Factors",

abstract = "The risk of being impacted by a cyberattack is high, because of more professional attacks. Thereby, cyber criminals are bypassing technological countermeasures through tricking users. Recently collected data during the SARS-CoV-2 pandemic demonstrate, that cyberattacks including social engineering are among the main threats, especially for Small and Medium-sized Enterprises (SME). (Information) Security Education and Training Awareness (SETA) is proposed to be an effective countermeasure. However, the effects of SETA fade rapidly over time and learnings are not applied in practice sustainably. Thus, we state that a method is required to create SETA programs with sustainable learning outcomes for SME. To develop such a method, we follow the Design Science Research Methodology and share insights of our first design cycle in this article. We conducted a literature review and analyzed factors of failure and success regarding the design of sustainable SETA programs. Furthermore, we sketch our plans for design cycle 2.",

keywords = "Information security, Training, Education, Awareness, SETA, DSR, SME, Information security, Training, Education, Awareness, SETA, DSR, SME",

author = "Martin Brehmer and Abbas, {Antragama Ewa} and Nageswaran Vaidyanathan",

year = "2021",

language = "English",

series = "Proceedings of the European Conference on Information Systems",

booktitle = "Proceedings of the 29th European Conference on Information Systems (ECIS)",

publisher = "Association for Information Systems. AIS Electronic Library (AISeL)",

note = "The 29th European Conference on Information Systems (ECIS) 2021 ; Conference date: 14-06-2021 Through 14-06-2021",

url = "https://www.ecis2021.com/",

}

Brehmer, M, Abbas, AE & Vaidyanathan, N 2021, Towards Designing A Method To Create Sticky Information Security Training For SMEs: Identifying Design Factors. in Proceedings of the 29th European Conference on Information Systems (ECIS)., 1473, Association for Information Systems. AIS Electronic Library (AISeL), Atlanta, GA, Proceedings of the European Conference on Information Systems, The 29th European Conference on Information Systems (ECIS) 2021, Marrackech, Morocco, 14/06/2021. <http://aisel.aisnet.org/cgi/viewcontent.cgi?article=1027&context=ecis2021_rip>

Towards Designing A Method To Create Sticky Information Security Training For SMEs: Identifying Design Factors. / Brehmer, Martin; Abbas, Antragama Ewa; Vaidyanathan, Nageswaran.
Proceedings of the 29th European Conference on Information Systems (ECIS). Atlanta, GA: Association for Information Systems. AIS Electronic Library (AISeL), 2021. 1473 (Proceedings of the European Conference on Information Systems).

Research output: Chapter in Book/Report/Conference proceeding › Article in proceedings › Research › peer-review

TY - GEN

T1 - Towards Designing A Method To Create Sticky Information Security Training For SMEs

T2 - The 29th European Conference on Information Systems (ECIS) 2021

AU - Brehmer, Martin

AU - Abbas, Antragama Ewa

AU - Vaidyanathan, Nageswaran

N1 - Conference code: 29

PY - 2021

Y1 - 2021

N2 - The risk of being impacted by a cyberattack is high, because of more professional attacks. Thereby, cyber criminals are bypassing technological countermeasures through tricking users. Recently collected data during the SARS-CoV-2 pandemic demonstrate, that cyberattacks including social engineering are among the main threats, especially for Small and Medium-sized Enterprises (SME). (Information) Security Education and Training Awareness (SETA) is proposed to be an effective countermeasure. However, the effects of SETA fade rapidly over time and learnings are not applied in practice sustainably. Thus, we state that a method is required to create SETA programs with sustainable learning outcomes for SME. To develop such a method, we follow the Design Science Research Methodology and share insights of our first design cycle in this article. We conducted a literature review and analyzed factors of failure and success regarding the design of sustainable SETA programs. Furthermore, we sketch our plans for design cycle 2.

AB - The risk of being impacted by a cyberattack is high, because of more professional attacks. Thereby, cyber criminals are bypassing technological countermeasures through tricking users. Recently collected data during the SARS-CoV-2 pandemic demonstrate, that cyberattacks including social engineering are among the main threats, especially for Small and Medium-sized Enterprises (SME). (Information) Security Education and Training Awareness (SETA) is proposed to be an effective countermeasure. However, the effects of SETA fade rapidly over time and learnings are not applied in practice sustainably. Thus, we state that a method is required to create SETA programs with sustainable learning outcomes for SME. To develop such a method, we follow the Design Science Research Methodology and share insights of our first design cycle in this article. We conducted a literature review and analyzed factors of failure and success regarding the design of sustainable SETA programs. Furthermore, we sketch our plans for design cycle 2.

KW - Information security

KW - Training

KW - Education

KW - Awareness

KW - SETA

KW - DSR

KW - SME

KW - Information security

KW - Training

KW - Education

KW - Awareness

KW - SETA

KW - DSR

KW - SME

M3 - Article in proceedings

T3 - Proceedings of the European Conference on Information Systems

BT - Proceedings of the 29th European Conference on Information Systems (ECIS)

PB - Association for Information Systems. AIS Electronic Library (AISeL)

CY - Atlanta, GA

Y2 - 14 June 2021 through 14 June 2021

ER -

Brehmer M, Abbas AE, Vaidyanathan N. Towards Designing A Method To Create Sticky Information Security Training For SMEs: Identifying Design Factors. In Proceedings of the 29th European Conference on Information Systems (ECIS). Atlanta, GA: Association for Information Systems. AIS Electronic Library (AISeL). 2021. 1473. (Proceedings of the European Conference on Information Systems).