| Organizational environments present users with numerous choices for using computing devices that necessitate increased attention to information security. The increased use of social networking technologies in organizations, and the availability of personal information on social networking sites such as Linkedln, Facebook, and Twitter further augment the security threats posed by employees. A number of recent security incidents have captured media attention by bringing to light the financial and reputational losses that can occur in organizations due to security incidents. Of particular importance are security incidents caused by the negligence or carelessness of employees. Although, the extant literature in information security has established the importance of implementing training programs to educate users on information security best practices, little work has been conducted to examine how to improve the effectiveness of information security training programs. Drawing on attitude change, self-efficacy, and learning theories, this study explores the influence of information security training strategies on affective and cognitive dimensions of users. The study specifically focuses on the following two aspects: characteristics of information security training program that enhance training effectiveness and the factors that affect information security task performance.;An experimental methodology was utilized to investigate the characteristics of information security training programs that affect training effectiveness and security task performance. The results of the study provide support for developing information security training efforts based on a constructivist and instructional design theory approach. Overall, this research contributes to the literature by furthering our understanding of (1) the characteristics of the information security training program that results in positive improvements in affective and cognitive elements of users, (2) the factors that positively affect information security task performance. The results of the study are beneficial for information security practitioners and researchers in developing information security training programs and communication practices. The theoretical approach and findings also provide avenues for future research. |
