In 2014, we launched our open-access repository which offers full text access to conference proceedings from many of our events including the INC and HAISA series. These papers are free to access and distribute (subject to citing the source).
Twelfth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2018)
Title: Adapting Cyber-Security Training to Your Employees
Author(s): Malcolm Pattinson, Marcus Butavicius, Beau Ciccarello, Meredith Lillie, Kathryn Parsons, Dragana Calic, Agata McCormac
Keywords: Information Security (InfoSec), Human Aspects of Cyber Security (HACS), Human Aspects of Information Security Questionnaire (HAIS-Q), Adaptive Control Framework (ACF), Information Security Awareness (ISA), Learning Styles, Training
Abstract: The aim of this paper is twofold. First, it introduces the concept of a framework of controls that relates to the human aspects of cyber security, which is adaptable to different types of organisations and different types of employees. A review of the literature confirmed that Adaptive Control Frameworks (ACFs) for cyber security exist, but only in terms of hardware and software controls. The second aim of this paper is to empirically test the effectiveness of one of these adaptive controls, namely, the type of training provided. A total of 1048 working Australian adults completed the Human Aspects of Information Security Questionnaire (HAIS-Q). This included questions relating to the types of cyber-security training they had received and how often it was provided, and a set of questions called the Cyber-security Learning Styles Inventory to identify their preferred learning styles for training. The frequency of training did not directly predict Information Security Awareness (ISA) levels. However, the extent to which the training received was matched with an individual’s learning preferences was positively associated with ISA levels. This finding supports the hypothesis that if training interventions are adapted to the learning styles of individuals, their level of ISA will improve and therefore their non-malicious behaviour, whilst using a digital device to do their work, will be safer. The practical implications of this finding, as well as suggestions for further research on the ACF, are also discussed.
Download count: 1802
How to get this paper:
PDF copy of this paper is free to download. You may distribute this copy providing you cite this page as the source.