Impact of User Experience and Comprehension on Awareness Training
Presented during the AIS Americas Conference on Information Systems (AMCIS) 2022
Jon Adams, Marymount University
Michelle Liu, Marymount University
Abstract:
The human component of information systems is a target of cyberattacks. Firms address the threat using security awareness training, monitoring, controls, and enforcement. User security awareness as a part of the information system is key. Increasing telework, remote access, and collaborative technologies require user security hygiene. The problem is acute with small and mid-sized businesses, more likely to invest less in cybersecurity. This study seeks to assess the effectiveness of security awareness training at influencing user behaviors. The assessment includes the influence of training and culture on policy compliance via leadership prerogative and the moderating effect of user comprehension of security tool messaging. Security tools are integral to defense-in-depth. Little research has examined how security tools use affects user compliance intention. This study seeks to incorporate employee cognition of information from security tools into an understanding of factors that influence user attitudes toward security policy compliance
Keywords: Security Awareness, Usable Security, Security Policy Compliance, Human-Computer Interaction