Applying Protection Motivation Theory to Information Security Training for College Students

Abstract As Internet and Web technologies have been used in different fields by various organizations, cyber security has become a significant public concern for the society as a whole. There is a broad consensus on the need for broader and better training and education of the current and future workforce to be able to effectively deal with present, emergent and future cyber security challenges. However, cyber-security education tends to be constrained to computer and information science degree programs. Further, the courses within these programs tend to be offered via conventional instructional mechanisms that entail limited Hands-on learning experiences due to the difficulty, cost, and potential risks of setting up real world like Hands-on security training environments, which are often network-based. Considering cyber security education is a necessary need across all disciplines and majors, we have been undertaking a research project at a public college to (a) construct a model to study the influence of knowledge from lectures and Hands-on experience on security behavior using protection motivation theory (b) develop a series of laboratory based Information Security education modules as easy to tailor and scalable pedagogic tools for helping undergraduate students to comprehend information security at different levels, and (c) test the impact of these modules on students' post-training personal cyber security behavior. Our aim is to identify if indeed students do apply what they learn to confidently and intelligently address personal cyber security challenges, after they have completed these course modules. In this paper, we report (a) our theoretical model (b) the design of security pedagogy modules and, (c) the preliminary findings upon testing and surveying students' post-training knowledge and post-training behavior concerning the security topics covered in the training modules.

[1]  R. Sitgreaves Psychometric theory (2nd ed.). , 1979 .

[2]  Ralph Stair,et al.  Principles of information systems , 2014 .

[3]  Ritu Agarwal,et al.  Practicing Safe Computing: A Multimedia Empirical Examination of Home Computer User Security Behavioral Intentions , 2010, MIS Q..

[4]  Udo W. Pooch,et al.  Using an isolated network laboratory to teach advanced networks and security , 2001, SIGCSE '01.

[5]  Melissa Dark,et al.  Exploring the Effectiveness of an Interdisciplinary Water Resources Engineering Module in an Eighth Grade Science Course , 2009 .

[6]  N. Paul Schembari “ Hands-On Crypto ” : Experiential Learning in Cryptography , .

[7]  Jeffrey V. Nickerson,et al.  Hands-on, simulated, and remote laboratories: A comparative literature review , 2006, CSUR.

[8]  M. Goldberg,et al.  What to Convey in Antismoking Advertisements for Adolescents: The use of Protection Motivation Theory to Identify Effective Message Themes , 2003 .

[9]  Detmar W. Straub,et al.  Structural Equation Modeling and Regression: Guidelines for Research Practice , 2000, Commun. Assoc. Inf. Syst..

[10]  Rose Shumba Towards a more effective way of teaching a cybersecurity basics course , 2004, ITiCSE-WGR.

[11]  G. Carter,et al.  A Sample Survey of Departments of Electrical Engineering to Determine Recent Significant Changes in Laboratory Work Pattern at First Year Level , 1972 .

[12]  R. W. Rogers,et al.  A Protection Motivation Theory of Fear Appeals and Attitude Change1. , 1975, The Journal of psychology.

[13]  L. Slusky,et al.  Students Information Security Practices and Awareness , 2012 .

[14]  Merrill Warkentin,et al.  Fear Appeals and Information Security Behaviors: An Empirical Study , 2010, MIS Q..

[15]  David Gefen,et al.  Structural Equation Modeling Techniques and Regression: Guidelines for Research Practice , 2000 .

[16]  Alexander Hars,et al.  Web Based Knowledge Infrastructures for the Sciences: An Adaptive Document , 2000, Commun. Assoc. Inf. Syst..

[17]  James Walden Integrating web application security into the IT curriculum , 2008, SIGITE '08.

[18]  J. Nunnally Psychometric Theory (2nd ed), New York: McGraw-Hill. , 1978 .

[19]  R. Plotnikoff,et al.  Protection Motivation Theory: Is This a Worthwhile Theory for Physical Activity Promotion? , 2010, Exercise and sport sciences reviews.

[20]  Zhouxuan Teng,et al.  SEED: a suite of instructional laboratories for computer SEcurity EDucation , 2007, SIGCSE.

[21]  Steven R. Malikowski,et al.  A Model for Research into Course Management Systems: Bridging Technology and Learning Theory , 2007 .

[22]  S. Ariyapperuma,et al.  Internet security games as a pedagogic tool for teaching network security , 2005, Proceedings Frontiers in Education 35th Annual Conference.

[23]  Paige Baltzan,et al.  Business Driven Technology , 2005 .

[24]  E. Seydel,et al.  Protection Motivation Theory , 2022 .

[25]  Younghwa Lee,et al.  Threat or coping appraisal: determinants of SMB executives’ decision to adopt anti-malware software , 2009, Eur. J. Inf. Syst..

[26]  Ryan T. Wright,et al.  IS 2010: Curriculum Guidelines for Undergraduate Degree Programs in Information Systems , 2010, Commun. Assoc. Inf. Syst..

[27]  Deborah Compeau,et al.  Computer Self-Efficacy: Development of a Measure and Initial Test , 1995, MIS Q..

[28]  Michael E. Locasto,et al.  An Experience Report on Undergraduate CyberSecurity Education and Outreach , 2009 .

[29]  Sandra Gorka,et al.  Curriculum Guidelines for Undergraduate Degree Programs in Information Technology , 2008 .

[30]  Mo Adam Mahmood,et al.  Employees' Behavior towards IS Security Policy Compliance , 2007, 2007 40th Annual Hawaii International Conference on System Sciences (HICSS'07).

[31]  Andy Ju An Wang Web-based interactive courseware for information security , 2005, SIGITE '05.

[32]  Mikko T. Siponen,et al.  Motivating IS security compliance: Insights from Habit and Protection Motivation Theory , 2012, Inf. Manag..

[33]  Brady R. Stevenson,et al.  Teaching security best practices by architecting and administering an IT security lab , 2004, CITC5 '04.

[34]  Patricia Y. Logan,et al.  Teaching students to hack: curriculum issues in information security , 2005 .

[35]  C. Carmean,et al.  Mind over matter: Transforming course management systems into effective learning environments , 2002 .

[36]  Gabriele Meiselwitz Information security across disciplines , 2008, SIGITE '08.

[37]  Irene Woon,et al.  A Protection Motivation Theory Approach to Home Wireless Security , 2005, ICIS.

[38]  Judith V. Boettcher Course Management Systems and Learning Principles: Getting To Know Each Other.... , 2003 .