Book Chapter

Security Education, Training, and Awareness: Incorporating a Social Marketing Approach for Behavioural Change

M Alshaikh, SB Maynard, A Ahmad

Information and Cyber Security | Communications in Computer and Information Science | Springer International Publishing | Published : 2020

Abstract

Effective information security education, training, and awareness (SETA) is essential for protecting organisational information resources. Although many organisations invest significantly in SETA, incidents resulting from employee noncompliance are still increasing. We argue that this may indicate that current SETA programs are sub-optimal in improving security compliance behaviour among employees, as they lack sufficient grounding in theory. This study proposes a new process for SETA development based on the social marketing approach. The proposed process involves selecting specific behaviour, developing a deeper understanding of the target audience, and using theory-informed intervention s..

View full abstract

Citation metrics