The Influence of Self-Determined Motivation on Security Education Training and Awareness (SETA) Programs

Despite the best efforts of many organizations, protection of information assets continues to be a major problem for a number of firms. A large portion of data breaches can be attributed to employees of the organization, who have been commonly identified as the weakest link in an organization’s overall security profile. Organizations implement security policies to give their employees guidelines for appropriate behavior related to information protection. For policies to be effective, employees must exhibit adequate comprehension of the secure behaviors described in the policy. Security Education, Training, and Awareness (SETA) programs have been utilized as an organizational mechanism for communicating the details of security policies and the importance of employees’ compliance. Although researchers have identified the importance of SETA programs in the implementation of security policies, individual differences among employees may contribute to the effectiveness of a SETA program. One such difference is an employee’s orientation toward self-determined (intrinsic) or control-oriented (extrinsic) forms of motivation related to both the workplace context and situational tasks, such as participation in a SETA program. A theoretical model is developed to assess the influence of an employee’s overall work motivation and perceptions of the work environment on his or her situational motivation toward participating in an organization’s SETA program. Methods for capturing the hypothesized relationships and analysis of the associated data are described. The findings indicate that an employee’s perceptions of autonomy, competence, and relatedness while participating in the SETA program have a significant impact on the employee’s motivation toward the SETA program. SETA program motivation significantly influenced an employee’s attitude toward the information security policy (ISP), cognition of ISP concepts, and intention to comply with the ISP while also serving as a significant predictor of an employee’s decision to participate in an additional training program. Implications for both research and practice are discussed

Training Wheels: A New Approach to Teaching Mobile Device Security

Despite massive investments in cyber security education, training, and awareness programs, most people retain unsafe mobile computing habits. They not only jeopardize their own data, but also risk the security of their associated organizations. It appears that conventional training programs are not ingraining sound security practices on trainees. This research questions the efficacy of legacy SETA frameworks and proposes a new cyber training tool for mobile devices. The tool is called Training Wheels. Training Wheels stands a number of cyber security training practices on their heads: instead of using punitive methods of reinforcement it provides rewards to encourage good behavior, instead of summary measures of security compliance it gives real-time feedback, and instead of isolating participants it displays participants’ performance relative to their peers. These changes are grounded in established psychological theory. They are incorporated as key features of Training Wheels. Besides introducing the new training tool, this study also provides recommendations for its usage and implications for research

A New Approach to Mobile Device Authentication

The effectiveness of primary and secondary authentication systems on mobile devices leaves room for improvement. Device manufacturers provide security features which require users to memorize long, complex passwords and/or provide biometric information. These approaches have drawbacks which make their continued usage untenable. Users are already inundated with passwords and regularly forget answers to security challenges. People are growing resistant to sharing their biometrics with device manufacturers. An authentication solution which overcome these limitations are essential. This research addresses this need by proposing a new method for mobile device authentication. First, it reviews past and current approaches to authentication. It then identifies design goals for future mobile device authentication systems. Finally, it describes a new model for backup mobile device authentication. The proposed model integrates video with social authentication for asynchronous secondary verification

Shared Benefits and Information Privacy: What Determines Smart Meter Technology Adoption?

An unexplored gap in IT adoption research concerns the positive role of shared benefits even when personal information is exposed. To explore the evaluation paradigm of shared benefits versus the forfeiture of personal information, we analyze how utility consumers use smart metering technology (SMT). In this context, utility companies can monitor electricity usage and directly control consumers’ appliances to disable them during peak load conditions. Such information could reveal consumers’ habits and lifestyles and, thus, stimulating concerns about their privacy and the loss of control over their appliances. Responding to calls for theory contextualization, we assess the efficacy of applying extant adoption theories in this emergent context while adding the perspective of the psychological ownership of information. We use the factorial survey method to assess consumers’ intentions to adopt SMT in the presence of specific conditions that could reduce the degree of their privacy or their control over their appliances and electricity usage data. Our findings suggest that, although the shared benefit of avoiding disruptions in electricity supply (brownouts) is a significant factor in electricity consumers’ decisions to adopt SMT, concerns about control and information privacy are also factors. Our findings extend the previous adoption research by exploring the role of shared benefits and could provide utility companies with insights into the best ways to present SMT to alleviate consumers’ concerns and maximize its adoption

Using Experts for Improving Project Cybersecurity Risk Scenarios

This study implemented an expert panel to assess the content validity of hypothetical scenarios to be used in a survey of cybersecurity risk across project meta-phases. Six out of 10 experts solicited completed the expert panel exercise. Results indicate that although experts often disagreed with each other and on the expected mapping of scenario to project meta-phase, the experts generally found risk present in the scenarios and across all three project meta-phases, as hypothesized

Dynamics of vitamin D in patients with mild or inactive inflammatory bowel disease and their families

BACKGROUND: 25(OH) vitamin D levels may be low in patients with moderately or severely active inflammatory bowel diseases (IBD: Crohn’s disease and Idiopathic Ulcerative Colitis) but this is less clear in patients with mild or inactive IBD. Furthermore there is limited information of any family influence on 25(OH) vitamin D levels in IBD. As a possible risk factor we hypothesize that vitamin D levels may also be low in families of IBD patients. OBJECTIVES: To evaluate 25[OH] vitamin D levels in patients with IBD in remission or with mild activity. A second objective is to evaluate whether there are relationships within IBD family units of 25[OH] vitamin D and what are the influences associated with these levels. METHODS: Participants underwent medical history, physical examination and a 114 item diet questionnaire. Serum 25[OH] vitamin D was measured, using a radioimmunoassay kit, (replete ≥ 75, insufficient 50–74, deficient < 25–50, or severely deficient < 25 nmol/L). Associations between 25[OH] vitamin D and twenty variables were evaluated using univariate regression. Multivariable analysis was also applied and intrafamilial dynamics were assessed. RESULTS: 55 patients and 48 controls with their respective families participated (N206). 25[OH] vitamin D levels between patients and controls were similar (71.2 ± 32.8 vs. 68.3 ±26.2 nmol/L). Vitamin D supplements significantly increased intake but correlation with serum 25[OH] vitamin D was significant only during non sunny months among patients. Within family units, patients’ families had mean replete levels (82.3 ± 34.2 nmol/L) and a modest correlation emerged during sunny months between patients and family (r(2) =0.209 p = 0.032). These relationships were less robust and non significant in controls and their families. CONCLUSIONS: In patients with mild or inactive IBD 25[OH] vitamin D levels are less than ideal but are similar to controls. Taken together collectively, the results of this study suggest that patient family dynamics may be different in IBD units from that in control family units. However contrary to the hypothesis, intra familial vitamin D dynamics do not pose additional risks for development of IBD