Abstract
In order to decrease information security threats caused by human-related vulnerabilities, an increased concentration on information security awareness and training is necessary. There are numerous information security awareness training delivery methods. The purpose of this study was to determine what delivery method is most successful in providing security awareness training. We conducted security awareness training using various delivery methods such as text based, game based and a short video presentation with the aim of determining user preference delivery methods. Our study suggests that a combined delvery methods are better than individual secrity awareness delivery method.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Cone, B.D., Thompson, M.F., Irvine, C.E., Nguyen, T.D.: Cyber Security Training and Awareness Through Game Play, Security and Privacy in Dynamic Environments. In: IFIP International Federation for Information Processing 2006, vol. 201, pp. 431–436 (2006)
Wu, M., Miller, R.C., Garfinkel, S.L.: Do Security Toolbars Actually Prevent Phishing Attacks? In: Grinter, R., Rodden, T., Aoki, P., Cutrell, E., Jeffries, R., Olson, G. (eds.) Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, CHI, Montréal, Québec, Canada, April 22-27, pp. 601–610. ACM Press, New York (2006)
Sheng, S., Magnien, B., Kumaraguru, P., Acquisti, A., Cranor, L.F., Hong, J., et al.: Anti-Phishing Phil: The Design and Evaluation of a Game That Teaches People Not to Fall for Phish. In: Symposium On Usable Privacy and Security (SOUPS) 2007, Pittsburgh, PA, USA, July 18-20 (2007)
Kumaraguru, P., Rhee, Y., Acquisti, A., Cranor, L., Hong, J., Nunge, E.: Protecting People from Phishing: The Design and Evaluation of an Embedded Training Email System. In: Proceedings of the 2007 Computer Human Interaction, CHI (2007)
Albrechtsen, E.: A qualitative study of users’ view on information security. Computers and Security 26(4), 276–289 (2007)
Abawajy, J.H., Thatcher, K., Kim, T.-h.: Investigation of Stakeholders Commitment to Information Security Awareness Programs. In: 2008 International Conference on Information Security and Assurance (ISA 2008), pp. 472–476 (2008)
Downs, J., Holbrook, M., Cranor, L.: Decision strategies and susceptibility to phishing. In: Proceedings of the Second Symposium on Usable Privacy and Security (SOUPS 2006), vol. 149 (2006)
Prenski M.: Digital game-based learning. McGraw-Hill, New York (2001); Gredler, M.E.: Games and simulations and their relationships to learning. In: Handbook of Research on Educational Communications and Technology, 2nd edn., pp. 571–581. Lawrence Erlbaum Associates, Mahwah (2004)
Shaw, R.S., Chen, C.C., Harris, A.L., Huang, H.-J.: The impact of information richness on information security awareness training effectiveness. Computers & Education 52, 92–100 (2009)
Valentine, J.A.: Enhancing the Employee Security Awareness Model. Computer Fraud & Security (6), 17–19 (2006)
New York State Office of Cyber Security & Critical Infrastructure Coordination. Gone Phishin, A Briefing on the Anti-Phishing Exercise Initiative for New York State Government. Aggregate Exercise Results for public release
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Abawajy, J., Kim, Th. (2010). Performance Analysis of Cyber Security Awareness Delivery Methods. In: Kim, Th., Fang, Wc., Khan, M.K., Arnett, K.P., Kang, Hj., Ślęzak, D. (eds) Security Technology, Disaster Recovery and Business Continuity. Communications in Computer and Information Science, vol 122. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17610-4_16
Download citation
DOI: https://doi.org/10.1007/978-3-642-17610-4_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-17609-8
Online ISBN: 978-3-642-17610-4
eBook Packages: Computer ScienceComputer Science (R0)