Abstract
This paper aims to apply habit-based research to the domain of information security. It proposes a new training paradigm in which a user “automatically” does the right thing without being an expert in the area of information security. The authors used a multiphased approach in which a new security training program was created and assessed for three groups: administrators (mostly managers), medical professionals (included physicians, physician assistants etc.) and staff (appointment coordinators, billing specialists etc.). The authors were able to find strong correlations between habit creation and security threats such as phishing, unauthorized cloud computing use, and password sharing. The authors were also able to ascertain that traditional security training and awareness programs need to move away from the “one-size” fits all technique to custom models that need to look at employee groups. This study supports the idea of training programs that are focused on changing habits, which is an area that has not yet been extensively researched in this context.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callMore From: International Journal of Systems and Software Security and Protection
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
