Forget the Fluff: Examining How Media Richness Influences the Impact of Information Security Training on Secure Behavior

User-initiated security breaches are common and can be very costly to organizations. Information security training can be used as an effective tool to improve users' secure behavior and thus alleviate security breaches. Via the lens of learning, media richness, and cognitive load theories, this research examines how to improve the effectiveness of security training. We conduct a realistic laboratory experiment to examine the influence of training with different degrees of media richness on secure behavior. We found that training with lean media richness improved secure behavior more than training with highly-rich media. Suggestions for researchers and practitioners are provided.

[1]  Jerald Greenberg,et al.  The College Sophomore as Guinea Pig: Setting the Record Straight , 1987 .

[2]  John R. Carlson,et al.  Channel Expansion Theory and the Experiential Nature of Media Richness Perceptions , 1999 .

[3]  J. Edwards Genetic Epistemology , 1971 .

[4]  Alexandra Durcikova,et al.  Get a Cue on IS Security Training: Explaining the Difference between how Security Cues and Security Arguments Improve Secure Behavior , 2011, ICIS.

[5]  Albert L. Harris,et al.  The impact of information richness on information security awareness training effectiveness , 2009, Comput. Educ..

[6]  Merrill Warkentin,et al.  The Influence of Perceived Source Credibility on End User Attitudes and Intentions to Comply with Recommended IT Actions , 2010, J. Organ. End User Comput..

[7]  France Bélanger,et al.  Abuse or learning? , 2002, CACM.

[8]  Detmar W. Straub,et al.  Coping With Systems Risk: Security Planning Models for Management Decision Making , 1998, MIS Q..

[9]  Jay F. Nunamaker,et al.  Encouraging Users to Behave Securely: Examining the Influence of Technical, Managerial, and Educational Controls on Users' Secure Behavior , 2010, ICIS.

[10]  G. A. Miller THE PSYCHOLOGICAL REVIEW THE MAGICAL NUMBER SEVEN, PLUS OR MINUS TWO: SOME LIMITS ON OUR CAPACITY FOR PROCESSING INFORMATION 1 , 1956 .

[11]  Benjamin B. M. Shao,et al.  A Behavioral Analysis of Passphrase Design and Effectiveness , 2009, J. Assoc. Inf. Syst..

[12]  Peter A. Todd,et al.  Understanding Information Technology Usage: A Test of Competing Models , 1995, Inf. Syst. Res..

[13]  Atreyi Kankanhalli,et al.  Studying users' computer security behavior: A health belief perspective , 2009, Decis. Support Syst..

[14]  Martina Angela Sasse,et al.  Why users compromise computer security mechanisms and how to take remedial measures. , 1999 .

[15]  M. Angela Sasse,et al.  Users are not the enemy , 1999, CACM.

[16]  D. Scott Brandt Constructivism: teaching for understanding of the Internet , 1997, CACM.

[17]  Qing Hu,et al.  The Centrality of Awareness in the Formation of User Behavioral Intention toward Protective Information Technologies , 2007, J. Assoc. Inf. Syst..

[18]  Richard L. Daft,et al.  Organizational information requirements, media richness and structural design , 1986 .

[19]  Donald W. Davies,et al.  Security for computer networks - an introduction to data security in teleprocessing and electronic funds transfer (2. ed.) , 1989, Wiley series in communication and distributed systems.

[20]  F. Bartlett,et al.  Remembering: A Study in Experimental and Social Psychology , 1932 .

[21]  A. Battersby Plans and the Structure of Behavior , 1968 .

[22]  J. Piaget,et al.  The equilibration of cognitive structures : the central problem of intellectual development , 1985 .

[23]  R. Daft,et al.  Information Richness. A New Approach to Managerial Behavior and Organization Design , 1983 .

[24]  Detmar W. Straub,et al.  Security concerns of system users: A study of perceptions of the adequacy of security , 1991, Inf. Manag..

[25]  R. I. Sutton,et al.  Switching Cognitive Gears: From Habits of Mind to Active Thinking , 1991 .

[26]  R. Daft,et al.  Understanding Managers' Media Choices: A Symbolic Interactionist Perspective , 1990 .

[27]  Peggy A. Ertmer,et al.  Behaviorism, Cognitivism, Constructivism: Comparing Critical Features From an Instructional Design Perspective , 2008 .

[28]  Mikko T. Siponen,et al.  Improving Employees' Compliance Through Information Systems Security Training: An Action Research Study , 2010, MIS Q..

[29]  Izak Benbasat,et al.  Interactive Decision Aids for Consumer Decision Making in E-Commerce: The Influence of Perceived Strategy Restrictiveness , 2009, MIS Q..

[30]  Dennis F. Galletta,et al.  User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence Approach , 2009, Inf. Syst. Res..

[31]  Laurie J. Kirsch,et al.  If someone is watching, I'll do what I'm asked: mandatoriness, control, and information security , 2009, Eur. J. Inf. Syst..

[32]  N. Mackintosh A Theory of Attention: Variations in the Associability of Stimuli with Reinforcement , 1975 .

[33]  G. G. Stokes "J." , 1890, The New Yale Book of Quotations.

[34]  Sanjay Goel,et al.  Estimating the market impact of security breach announcements on firm values , 2009, Inf. Manag..

[35]  Fred D. Davis,et al.  User Acceptance of Computer Technology: A Comparison of Two Theoretical Models , 1989 .

[36]  Youngjin Yoo,et al.  Media and Group Cohesion: Relative Influences on Social Presence, Task Participation, and Group Consensus , 2001, MIS Q..

[37]  C. Steinfield,et al.  A Social Information Processing Model of Media Use in Organizations , 1987 .

[38]  Robert J. House,et al.  Judgment calls in research , 1982 .

[39]  Ron Tamborini,et al.  Internet Search Behaviors and Mood Alterations: A Selective Exposure Approach , 2002 .

[40]  John Sweller,et al.  Cognitive Load During Problem Solving: Effects on Learning , 1988, Cogn. Sci..

[41]  Peggy A. Ertmer,et al.  Behaviorism, Cognitivism, Constructivism: Comparing Critical Features from a Design Perspective. , 1993 .

[42]  T. C. Edwin Cheng,et al.  Extending the Understanding of End User Information Systems Satisfaction Formation: An Equitable Needs Fulfillment Model Approach , 2008, MIS Q..

[43]  G. Miller,et al.  Plans and the structure of behavior , 1960 .