Towards Personalized User Training for Secure Use of Information Systems
|
Damjan Fujs Faculty of Computer and Information Science, University of Ljubljana, Slovenia This email address is being protected from spambots. You need JavaScript enabled to view it. |
Simon Vrhovec Faculty of Criminal Justice and Security, University of Maribor, Slovenia This email address is being protected from spambots. You need JavaScript enabled to view it. |
Damjan Vavpotič Faculty of Computer and Information Science, University of Ljubljana, Slovenia This email address is being protected from spambots. You need JavaScript enabled to view it. |
Abstract: Information Systems (IS) represent an integral part of our lives, both in the organizational and personal sphere. To use them securely, users must be properly trained. The main problem is that most training processes still use the one-size-fits-all approach where users receive the same kind of learning material. In addition, personalized training may be a more suitable approach however a comprehensive process for IS user profiling and personalized IS user training improvement has not been introduced yet. This paper proposes a novel approach for personalized user training for secure use of IS to fill in this gap. The proposed approach focuses on three key dimensions (i.e., the personalization process, selection of training tools and materials, and participants) and is composed of five phases covering the identification of key IS security elements, IS user profiling and personalization of IS security training. It is scalable to all company sizes and aims to lower both the IS training costs and optimization of outcomes. As a side-effect, it also helps to lower user resistance to participation in IS security training.
Keywords: Education, training, awareness, adaptation, tailoring, information security, cost-benefit.
Received July 27, 2020; accepted October 10, 2021