Simplicity is Bliss: Controlling Extraneous Cognitive Load in Online Security Training to Promote Secure Behavior

Authors:
Jeffrey L. Jenkins;Alexandra Durcikova;Mary B. Burns
Affiliations:
Marriott School of Management, Brigham Young University, Provo, UT, USA;Price College of Business, The University of Oklahoma, Norman, OK, USA;Jake Jabs College of Business & Entrepreneurship, Montana State University, Bozeman, MT, USA
Venue:
Journal of Organizational and End User Computing
Year:
2013

Citing 13
Cited 0

User acceptance of computer technology: a comparison of two theoretical models

Management Science
Security for computer networks: and introduction to data security in teleprocessing and electronic funds transfer (2nd ed.)

Security for computer networks: and introduction to data security in teleprocessing and electronic funds transfer (2nd ed.)
Coping with systems risk: security planning models for management decision making

MIS Quarterly
Users are not the enemy

Communications of the ACM
Studying users' computer security behavior: A health belief perspective

Decision Support Systems
User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence Approach

Information Systems Research
Estimating the market impact of security breach announcements on firm values

Information and Management
Extending the understanding of end user information systems satisfaction formation: an equitable needs fulfillment model approach

MIS Quarterly
Interactive decision aids for consumer decision making in E-commerce: the influence of perceived strategy restrictiveness1

MIS Quarterly
Circuits of power: a study of mandated compliance to an information systems security de jure standard in a government organization

MIS Quarterly
Improving employees' compliance through information systems security training: an action research study

MIS Quarterly
The Influence of Perceived Source Credibility on End User Attitudes and Intentions to Comply with Recommended IT Actions

Journal of Organizational and End User Computing
What Kind of Interventions Can Help Users from Falling for Phishing Attempts: A Research Proposal for Examining Stage-Appropriate Interventions

HICSS '13 Proceedings of the 2013 46th Hawaii International Conference on System Sciences

Quantified Score

Hi-index	0.00

Visualization

Abstract

User-initiated security breaches are common and can be very costly to organizations. Information security training can be used as an effective tool to improve users' secure behavior and thus alleviate security breaches. Via the lens of learning, working memory, and cognitive load theories, this research examines how to improve the effectiveness of security training through decreasing extraneous stimuli in the presentation of online security training. The authors conducted a realistic laboratory experiment to examine the influence of training with different levels of extraneous stimuli on secure behavior. They found that training presented with low levels of extraneous stimuli improved secure behavior more than training presented with high levels. The results question the effectiveness of elaborate training programs, and rather suggest that simple, direct training modules are most effective.