Abstract
User behavior is a key aspect of cybersecurity and it is well documented that insecure user behavior is the root cause of the majority of all cybersecurity incidents. Security Education, Training, and Awareness (SETA) is described by practitioners and researchers as the most important tool for improving cybersecurity behavior and has been for several decades. Further, there are several ways to work with SETA found in academic literature and a lot of research into various aspects of SETA effectiveness. However, the problem of insecure user behavior remains revealing a need for further research in the domain. While previous research have looked at the users’ experience of SETA, this study looks at SETA adoption from the perspective of the adopting organization. For this purpose, a survey was sent out to all Nordic municipalities with the intent of measuring if and how SETA is conducted, and how the respondents would ideally like to conduct SETA. The results show that a majority of the participating organizations use SETA and that e-learning is the most common delivery method. However, the results also show that gamification and embedded training is seldom used in practice nor a part of the participants’ picture of ideal SETA.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Aldawood, H., Skinner, G.: Educating and raising awareness on cyber security social engineering: a literature review. In: 2018 IEEE International Conference on Teaching, Assessment, and Learning for Engineering (TALE), pp. 62–68. IEEE (2018)
Bada, M., Sasse, A.M., Nurse, J.R.: Cyber security awareness campaigns: Why do they fail to change behaviour? arXiv preprint arXiv:1901.02672 (2019)
Berelson, B.: Content Analysis in Communication Research. Content Analysis in Communication Research, Free Press, New York (1952)
Berndtsson, M., Hansson, J., Olsson, B., Lundell, B.: Thesis Projects: a Guide for Students in Computer Science and Information Systems. Springer, London (2007)
de Bruijn, H., Janssen, M.: Building cybersecurity awareness: the need for evidence-based framing strategies. Gov. Inf. Q. 34(1), 1–7 (2017)
Cybint: 15 alarming cyber security facts and stats (2020). https://www.cybintsolutions.com/cyber-security-facts-stats/
EC-Council: The top types of cybersecurity attacks of 2019, till date (2019). https://blog.eccouncil.org/the-top-types-of-cybersecurity-attacks-of-2019-till-date/
Fowler, F.J., Jr.: Survey Research Methods. Sage publications, Los Angeles (2013)
Gjertsen, E.G.B., Gjaere, E.A., Bartnes, M., Flores, W.R.: Gamification of information security awareness and training. In: ICISSP (2017)
Hadlington, L.: Human factors in cybersecurity; examining the link between internet addiction, impulsivity, attitudes towards cybersecurity, and risky cybersecurity behaviours. Heliyon 3(7), e00346 (2017)
Handayani, V., Budiono, F.L., Rosyada, D., Amriza, R.N.S., Masruroh, S.U., et al.: Gamified learning platform analysis for designing a gamification-based ui/ux of e-learning applications: A systematic literature review. In: 2020 8th International Conference on Cyber and IT Service Management (CITSM), pp. 1–5. IEEE (2020)
Huynh, D., Luong, P., Iida, H., Beuran, R.: Design and evaluation of a cybersecurity awareness training game. In: Munekata, N., Kunita, I., Hoshino, J. (eds.) ICEC 2017. LNCS, vol. 10507, pp. 183–188. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66715-7_19
Joinson, A., van Steen, T.: Human aspects of cyber security: Behaviour or culture change? Cyber Secur. Peer-Rev. J. 1(4), 351–360 (2018)
Kävrestad, J., Nohlberg, M.: Contextbased microtraining: a framework for information security training. In: Clarke, N., Furnell, S. (eds.) HAISA 2021. IAICT, vol. 593, pp. 71–81. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-57404-8_6
Krippendorff, K.: Reliability in content analysis: some common misconceptions and recommendations. Hum. Commun. Res. 30(3), 411–433 (2006). https://doi.org/10.1111/j.1468-2958.2004.tb00738.x
Lim, I.K., Park, Y.G., Lee, J.K.: Design of security training system for individual users. Wirel. Pers. Commun. 90(3), 1105–1120 (2016) https://doi.org/10.1007/s11277-016-3380-z
Puhakainen, P., Siponen, M.: Improving employees’ compliance through information systems security training: an action research study. MIS quarterly, pp. 757–778 (2010)
Safa, N.S., Von Solms, R.: An information security knowledge sharing model in organizations. Comput. Hum. Behav. 57, 442–451 (2016)
Sauermann, H., Roach, M.: Increasing web survey response rates in innovation research: an experimental study of static and dynamic contact design features. Res. Policy 42(1), 273–286 (2013)
Siponen, M.T.: A conceptual foundation for organizational information security awareness. Inf. Manage. Comput. Secur. 8(1), 31–41 (2000)
Takata, T., Ogura, K.: IEEE: Confront phishing attacks - from a perspective of security education. In: International Conference on Awareness Science and Technology, pp. 10–13 (2019)
Taneski, V., Heričko, M., Brumen, B.: Impact of security education on password change, pp. 1350–1355 (2015)
Tchakounté, F., Wabo, L.K., Atemkeng, M.: A review of gamification applied to phishing, pp. 1–26 (2020)
Van Rensburg, W.J., Thomson, K.L., Futcher, L.: An Educational Intervention Towards Safe Smartphone Usage. HAISA, Dundee, vol. 2018 (2018)
Walston, J.T., Lissitz, R.W., Rudner, L.M.: The influence of web-based questionnaire presentation variations on survey cooperation and perceptions of survey quality. J. Official Stat. 22(2), 271 (2006)
Wheelan, C.: Naked Statistics: Stripping the Dread from the Data. WW Norton & Company, New York (2013)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 IFIP International Federation for Information Processing
About this paper
Cite this paper
Salek, A.A., Kävrestad, J., Nohlberg, M. (2021). Exploring Experiences of Using SETA in Nordic Municipalities. In: Furnell, S., Clarke, N. (eds) Human Aspects of Information Security and Assurance. HAISA 2021. IFIP Advances in Information and Communication Technology, vol 613. Springer, Cham. https://doi.org/10.1007/978-3-030-81111-2_3
Download citation
DOI: https://doi.org/10.1007/978-3-030-81111-2_3
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-81110-5
Online ISBN: 978-3-030-81111-2
eBook Packages: Computer ScienceComputer Science (R0)
