Critical success factors for Security Education, Training and Awareness (SETA) programme effectiveness: an empirical comparison of practitioner perspectives
| dc.contributor.author | Alyami, Areej | |
| dc.contributor.author | Sammon, David | |
| dc.contributor.author | Neville, Karen | |
| dc.contributor.author | Mahony, Carolanne | |
| dc.date.accessioned | 2024-08-30T13:48:41Z | |
| dc.date.available | 2024-08-29T20:56:03Z | en |
| dc.date.available | 2024-08-30T13:48:41Z | |
| dc.date.issued | 2024-01-22 | |
| dc.date.updated | 2024-08-29T19:56:07Z | en |
| dc.description.abstract | Purpose: Cyber security has never been more important than it is today in an ever more connected and pervasive digital world. However, frequently reported shortages of suitably skilled and trained information system (IS)/cyber security professionals elevate the importance of delivering effective Security Education,Training and Awareness (SETA) programmes within organisations. Therefore, the purpose of this study is the questionable effectiveness of SETA programmes at changing employee behaviour and an absence of empirical studies on the critical success factors (CSFs) for SETA programme effectiveness. Design/methodology/approach: This exploratory study follows a three-stage research design to give voice to practitioners with SETA programme expertise. Data is gathered in Stage 1 using semi-structured interviews with 20 key informants (the emergence of the CSFs), in Stage 2 from 65 respondents to a short online survey (the ranking of the CSFs) and in Stage 3 using semi-structured interviews with nine IS/cyber security practitioners (the emergence of the guiding principles). Using a multi-stage research design allows the authors to propose and evaluate the 11 CSFs for SETA programme effectiveness. Findings: This study conducted a mean score analysis to evaluate the level of importance of each CSF within two independent groups of IS/cyber security professionals. This multi-stage analysis produces a ranked list of 11 CSFs for SETA programme effectiveness, while the difference in the rankings leads to the emergence of five CSF-specific guiding principles (to increase the likelihood of delivering an effective SETA programme within an organisational context). This analysis also reveals that most of the contradictions/differences in CSF rankings between IS/cyber security practitioners are linked to the design phase of the SETA programme life cycle. While two CSFs, “maintain quarterly evaluation of employee performance” (CSF-DS6) and “build security awareness campaigns” (CSF-EV1), represent the most significant contradiction in this study. Originality/value: The 11 CSFs for SETA programme effectiveness, along with the five CSF-specific guiding principles, provide a greater depth of knowledge contributing to both theory and practice and lays the foundation for future studies. Therefore, the outputs of this study provide valuable insights on the areas that practice needs to get right to deliver effective SETA programmes. | |
| dc.description.status | Peer reviewed | en |
| dc.description.version | Published Version | |
| dc.format.mimetype | application/pdf | en |
| dc.identifier.citation | Alyami, A., Sammon, D., Neville, K. and Mahony, C. (2024) ‘Critical success factors for Security Education, Training and Awareness (SETA) programme effectiveness: an empirical comparison of practitioner perspectives’, Information & Computer Security, 32(1), pp. 53–73. Available at: https://doi.org/10.1108/ICS-08-2022-0133 | |
| dc.identifier.doi | https://doi.org/10.1108/ICS-08-2022-0133 | |
| dc.identifier.endpage | 73 | |
| dc.identifier.issn | 2056-4961 | |
| dc.identifier.issued | 1 | |
| dc.identifier.journaltitle | Information & Computer Security | |
| dc.identifier.startpage | 53 | |
| dc.identifier.uri | https://hdl.handle.net/10468/16240 | |
| dc.identifier.volume | 32 | |
| dc.language.iso | en | en |
| dc.publisher | Emerald | |
| dc.rights | © 2023, Areej Alyami, David Sammon, Karen Neville and Carolanne Mahony. Published by Emerald Publishing Limited. This article is published under the Creative Commons Attribution (CC BY 4.0) licence. Anyone may reproduce, distribute, translate and create derivative works of this article (for both commercial and non-commercial purposes), subject to full attribution to the original publication and authors. The full terms of this licence may be seen at http://creativecommons.org/licences/by/4.0/legalcode | |
| dc.rights.uri | http://creativecommons.org/licenses/by/4.0/ | |
| dc.subject | SETA programme | |
| dc.subject | Effectiveness | |
| dc.subject | Security | |
| dc.subject | Cyber | |
| dc.subject | CSFs | |
| dc.subject | Training | |
| dc.subject | Critical Success factors | |
| dc.subject | Information security | |
| dc.subject | Education | |
| dc.title | Critical success factors for Security Education, Training and Awareness (SETA) programme effectiveness: an empirical comparison of practitioner perspectives | en |
| dc.type | Article (peer-reviewed) |
Files
Original bundle
1 - 1 of 1
Loading...
- Name:
- 10-1108_ICS-08-2022-0133.pdf
- Size:
- 1.21 MB
- Format:
- Adobe Portable Document Format
- Description:
- Published version