Critical success factors for Security Education, Training and Awareness (SETA) programme effectiveness: an empirical comparison of practitioner perspectives

dc.contributor.author: Alyami, Areej
dc.contributor.author: Sammon, David
dc.contributor.author: Neville, Karen
dc.contributor.author: Mahony, Carolanne
dc.date.accessioned: 2024-08-30T13:48:41Z
dc.date.available: 2024-08-29T20:56:03Z [en]
dc.date.available: 2024-08-30T13:48:41Z
dc.date.issued: 2024-01-22
dc.date.updated: 2024-08-29T19:56:07Z [en]
dc.description.abstract: Purpose: Cyber security has never been more important than it is today in an ever more connected and pervasive digital world. However, frequently reported shortages of suitably skilled and trained information system (IS)/cyber security professionals elevate the importance of delivering effective Security Education, Training and Awareness (SETA) programmes within organisations. Therefore, the purpose of this study is the questionable effectiveness of SETA programmes at changing employee behaviour and an absence of empirical studies on the critical success factors (CSFs) for SETA programme effectiveness. Design/methodology/approach: This exploratory study follows a three-stage research design to give voice to practitioners with SETA programme expertise. Data is gathered in Stage 1 using semi-structured interviews with 20 key informants (the emergence of the CSFs), in Stage 2 from 65 respondents to a short online survey (the ranking of the CSFs) and in Stage 3 using semi-structured interviews with nine IS/cyber security practitioners (the emergence of the guiding principles). Using a multi-stage research design allows the authors to propose and evaluate the 11 CSFs for SETA programme effectiveness. Findings: This study conducted a mean score analysis to evaluate the level of importance of each CSF within two independent groups of IS/cyber security professionals. This multi-stage analysis produces a ranked list of 11 CSFs for SETA programme effectiveness, while the difference in the rankings leads to the emergence of five CSF-specific guiding principles (to increase the likelihood of delivering an effective SETA programme within an organisational context). This analysis also reveals that most of the contradictions/differences in CSF rankings between IS/cyber security practitioners are linked to the design phase of the SETA programme life cycle. While two CSFs, “maintain quarterly evaluation of employee performance” (CSF-DS6) and “build security awareness campaigns” (CSF-EV1), represent the most significant contradiction in this study. Originality/value: The 11 CSFs for SETA programme effectiveness, along with the five CSF-specific guiding principles, provide a greater depth of knowledge contributing to both theory and practice and lays the foundation for future studies. Therefore, the outputs of this study provide valuable insights on the areas that practice needs to get right to deliver effective SETA programmes.
dc.description.status: Peer reviewed [en]
dc.description.version: Published Version
dc.format.mimetype: application/pdf [en]
dc.identifier.citation: Alyami, A., Sammon, D., Neville, K. and Mahony, C. (2024) ‘Critical success factors for Security Education, Training and Awareness (SETA) programme effectiveness: an empirical comparison of practitioner perspectives’, Information & Computer Security, 32(1), pp. 53–73. Available at: https://doi.org/10.1108/ICS-08-2022-0133
dc.identifier.doi: https://doi.org/10.1108/ICS-08-2022-0133
dc.identifier.endpage: 73
dc.identifier.issn: 2056-4961
dc.identifier.issued: 1
dc.identifier.journaltitle: Information & Computer Security
dc.identifier.startpage: 53
dc.identifier.uri: https://hdl.handle.net/10468/16240
dc.identifier.volume: 32
dc.language.iso: en [en]
dc.publisher: Emerald
dc.rights: © 2023, Areej Alyami, David Sammon, Karen Neville and Carolanne Mahony. Published by Emerald Publishing Limited. This article is published under the Creative Commons Attribution (CC BY 4.0) licence. Anyone may reproduce, distribute, translate and create derivative works of this article (for both commercial and non-commercial purposes), subject to full attribution to the original publication and authors. The full terms of this licence may be seen at http://creativecommons.org/licences/by/4.0/legalcode
dc.rights.uri: http://creativecommons.org/licenses/by/4.0/
dc.subject: SETA programme
dc.subject: Effectiveness
dc.subject: Security
dc.subject: Cyber
dc.subject: CSFs
dc.subject: Training
dc.subject: Critical Success factors
dc.subject: Information security
dc.subject: Education
dc.title: Critical success factors for Security Education, Training and Awareness (SETA) programme effectiveness: an empirical comparison of practitioner perspectives [en]
dc.type: Article (peer-reviewed)
Files
Original bundle
Name: 10-1108_ICS-08-2022-0133.pdf
Size: 1.21 MB
Format: Adobe Portable Document Format
Description: Published version