End User Security Training for Identification and Access Management

Abstract

Identification and access management (I/AM) is among the top security issues facing institutions of higher education. Most institutions of higher education require end users to provide usernames and passwords to gain access to personally identifiable information (PII). This leaves universities vulnerable to unauthorized access and unauthorized disclosure of PII as, according to recent literature, usernames and passwords alone are insufficient for proper authentication of users into information and information systems. This study examines a critical element in the successful implementation of any information security initiative, end user training. Specifically, this study advances research in the area of end user security training by using canonical action research (CAR) to develop and refine an IT security training framework that can guide institutions of higher education in the implementation of USB security tokens for two-factor authentication using public key infrastructure (PKI).