Assessment of the Impact of Information Security Awareness Training Methods on Knowledge, Attitude, and Behavior

Abstract

Technology is changing the way we work more than ever before. Therefore, it is critical to understand the security threats associated with these advanced tools to protect systems and data. Security is a combination of people, processes, and technology. Thus, to counter cyber-threats effectively, information security awareness (ISA) programs are an essential cornerstone of enterprise security. There are many ways in which information security knowledge can be delivered. In this paper, we have conducted an experiment to test the impact of multiple intervention strategies on knowledge, attitude, and behavior. The HAIS-Q was used to evaluate the effectiveness of training methods on the employees. Our study suggests that all the methods raised knowledge equivalently. However, having more than one delivery method to convey the same message had more impact on users’ attitudes. When it comes to behavioral change, however, text-based and game-based training formats performed better than their counterparts. Additionally, employees’ tendency in engaging in self-education activities and participating in future awareness programs were influenced by the intervention strategy. These findings have important implications, as ISA programs should be designed in a way that positively influences the mindset of employees and motivates them to embrace security practices in their daily activities.