Employee noncompliance with information systems security policies is a key concern for organizations. If users do not comply with IS security policies, security solutions lose their efficacy. Of the different IS security policy compliance approaches, training is the most commonly suggested in the literature. Yet, few of the existing studies about training to promote IS policy compliance utilize theory to explain what learning principles affect user compliance with IS security policies, or offer empirical evidence of their practical effectiveness. Consequently, there is a need for IS security training approaches that are theory-based and empirically evaluated. Accordingly, we propose a training program based on two theories: the universal constructive instructional theory and the elaboration likelihood model. We then validate the training program for IS security policy compliance training through an action research project. The action research intervention suggests that the theory-based training achieved positive results and was practical to deploy. Moreover, the intervention suggests that information security training should utilize contents and methods that activate and motivate learners to engage in systematic cognitive processing of the information they receive during the training. In addition, the action research study made clear that a continuous communication process was also required to improve user IS security policy compliance. The findings of this study offer new insights for scholars and practitioners involved in IS security policy compliance.