1 Introduction

As digitization progresses, the demands on the security of the data and information being processed grow as well. To protect the confidentiality, integrity, and availability of information, technical security controls such as firewalls and virus scanners are put in place. Attackers, however, increasingly target and exploit the human factor in information systems: the user [12, 29]. The main types of attacks today are phishing, malware, and social engineering [14]. With these attacks, attackers can harm not only private users, but also companies, research institutions, or even whole countries.

The research area Information Security Awareness (ISA) addresses how people can be convinced to behave in accordance with information security policies, guidelines, or best practices. High ISA should minimize the risk that users are exploited as the weak spot in an information security concept. Especially in companies, security awareness campaigns are used to sensitize employees to their role in securing their company’s information assets. ISA is the complex result of a multitude of factors [3, 11, 27]. In addition to knowledge, salience, and habit, it consists of a person’s intention to behave properly and the organizational conditions that enable people to behave securely. Proper security awareness measures should therefore consider all of these aspects: knowledge, salience, habit, intention, and organization [27].

E-Learning is a popular way to teach people. Forecasts expect the e-Learning market to continue to grow in the coming years [26]. Policy makers are attracted by the many benefits of e-Learning, such as increased economic competitiveness, cost effectiveness, or, more generally, the opportunity for better education [5]. Companies regard compliance and IT expertise as content that can be conveyed via e-Learning [18]. Hagen et al. [21] investigated the effects of an e-Learning tool used to improve ISA and observed significant changes in the attendees’ awareness and behavior after its use. E-Learning can therefore be an easy, low-priced method of familiarizing people with information security, complementing posters, flyers, or offline training. To generate insights into the benefits of e-Learning for improving employees’ ISA, this study follows an exploratory approach. Based on the factors presented by [27], this paper evaluates the possibilities and limitations of e-Learning for influencing the information security behavior of employees. As a result, the paper shows that e-Learning is in principle suitable for influencing cognitive, psychomotor, and also affective factors. While knowledge and habits are easy to convey digitally, this is true only to a limited extent for salience and for a person’s behavioral intention.

The paper is structured as follows: In the second chapter we introduce the research field of ISA and explain the basics of learning and e-Learning. In the next chapter, Analysis, we examine e-Learning for its suitability for influencing ISA. In the fourth chapter we discuss these findings and give an outlook on future research on this topic.

2 Basics

2.1 Information Security Awareness

Information Security Awareness has been established as a separate research area within information security. It targets the “human factor” and how IT users can be brought to behave in compliance with information security. Attackers now prefer to attack the user to gain access to proprietary information [14]. This approach requires less effort than technically attacking IT systems with classical methods such as brute-forcing. In addition to technical security controls, it is therefore also important to actively involve the user in the information security concept of a company. One commonly implemented method for this involvement is the security awareness campaign. Such campaigns aim to motivate IT users to put their theoretical knowledge about information security into practice [3] and to convince them of the importance of their actions. Today, ISA campaigns mainly do one thing [2]: in lectures, employees receive theoretical knowledge about information security. However, the actual behavior of an employee is hardly influenced by classical training [34].

Hänsch and Benenson [11] describe three possible perspectives of the term security awareness. The simplest perspective is that employees know which threats to information security exist and recognize them (“perception”). Another perspective adds that employees also know how to protect themselves and their organization against those threats (“protection”). And the third perspective is that employees know what a threat is, what they can do about it and that they behave accordingly (“behavior”). Only the last approach promises an actual increase in information security in the company. Altogether, information security awareness means that employees know how to behave in compliance with information security policies and standards (e.g., choosing a secure password), what consequences they and the company may face in the event of non-compliant behavior (e.g., loss of image and financial loss due to loss of customer data) and that they actually apply this knowledge in critical situations.

Schütz [27] describes information security compliant behavior as the result of a person’s knowledge, habit, salience, and behavioral intention with respect to a particular behavior. A particular behavior might be, for example, locking the screen when leaving the workplace. Besides knowledge and habit, salience describes how tangible a behavior is for a person in the current situation. The most complex and influential factor, however, is the behavioral intention. The intention to behave is formed from a person’s various emotions and beliefs. If a person is afraid of choosing a password, or believes that secure passwords are useless, that person will hardly form an intention to choose a secure password. These emotions and beliefs can be divided into three groups: the attitude towards a certain behavior, the perceived norm regarding that behavior in the person’s environment (for example colleagues or family members), and the personal agency, which describes whether a person is confident in executing the behavior under the given circumstances. Despite a strongly developed security awareness, the final execution of a behavior can still be prevented by organizational restrictions in the person’s environment. This is the case, for example, if the IT service for changing a password is not accessible to the user. Knowing a person’s individual factors makes it possible to influence them in order to change an unwanted behavior or strengthen a desired one.

Fig. 1. The three domains of Bloom’s Taxonomy (figure not reproduced).

2.2 Learning

A common method of changing behavior is learning [16]. Bloom’s well-known Taxonomy distinguishes three learning domains: the cognitive domain, the affective domain, and the psychomotor domain [7]. Figure 1 shows that each domain is subdivided into levels that differ in complexity and which the learner passes through one after the other.

The cognitive domain describes the mental skills or intellectual capability of a person. The revised version of Bloom’s Taxonomy divides this domain into the dimensions Knowledge and Cognitive Process. The Knowledge dimension distinguishes four types of knowledge: factual knowledge (the basic elements of a knowledge area), conceptual knowledge (the interrelations between those basic elements), procedural knowledge (knowing how to do something), and metacognitive knowledge (awareness and knowledge of one’s own cognition). How strongly each type of knowledge is developed in a person can be assessed by means of the cognitive process dimension. This dimension consists of the following hierarchically structured levels: remember (retrieving knowledge from long-term memory), understand (determining the meaning), apply (carrying out in a given situation), analyze (breaking material into parts and detecting the relations), evaluate (making judgments), and create (putting elements together to form something new) [19].

The affective domain describes feelings and emotions, such as an attitude towards a certain thing. It consists of the hierarchically structured levels: receiving (willingness to pay attention), responding (reacting to the object), valuing (attaching value to an object), organizing (organizing values into priorities), and characterizing (having a value system that controls behavior) [7].

The psychomotor domain describes manual or physical skills. It consists of the hierarchically structured levels: perception (using the sense organs to guide activity), set (mental, physical, and emotional readiness to act), guided response (imitation, and trial and error), mechanism (responses have become habitual), complex overt response (performing the activity skillfully), adaptation (well-developed skills that can be modified), and origination (creating new movement patterns for specific situations) [30].

2.3 E-Learning

E-Learning is a form of distance education. Distance education is designed to enable learners to learn even though they are not physically in the same place as the teacher or instructor. This sets distance education apart from traditional learning, which provides face-to-face sessions between teachers and learners, with both being in the same place at the same time [16]. In e-Learning, telecommunication technology and computers are used to enable the participants to exchange information [5]. In addition to providing information, e-Learning also enables communication with the teacher and with other learners [5]. Synchronous e-Learning takes place in real time and is made possible by technology such as live chat or video conferencing. Synchrony supports personal participation and better motivation of the participants [13]. Asynchronous e-Learning, however, is more flexible and easier to integrate into everyday work. Asynchrony supports cognitive participation and helps the participants to better reflect on and process the learned information [13]. In addition, there are hybrid approaches that combine synchronous and asynchronous elements [13].

According to Ghirardini et al., e-Learning can promote three types of skills: cognitive skills (e.g., knowledge or comprehension), interpersonal skills (e.g., presenting or negotiating), and psychomotor skills (e.g., movements) [10]. Blended learning combines different learning methods and uses both traditional learning and e-Learning approaches [8]. For example, a traditional face-to-face lecture can be enriched by combining it with an online course that deepens the learning content.

3 Analysis

A person’s Information Security Awareness is made up of several factors that influence the person’s behavior. This chapter analyzes these cognitive and affective factors and assesses how each can benefit from e-Learning.

3.1 Knowledge

Knowledge is the sum of a person’s facts, information, and skills. A person acquires knowledge through experience or education. The revised version of Bloom’s Taxonomy (cf. Chapter 2) treats knowledge as a separate dimension of the cognitive domain and distinguishes factual, conceptual, procedural, and metacognitive knowledge. We take knowledge about secure passwords as an example. Factual knowledge is knowing that user accounts and passwords exist. Knowing that a password of more than eight characters, including special characters, can secure a user account is conceptual knowledge. Knowing where to change the password is procedural knowledge. Metacognitive knowledge is, for example, a person knowing that they find it difficult to remember secure passwords and therefore using a password manager.

How It Affects ISA: Behavioral research regards knowledge in general as an important component of behavioral change. Even a strong behavioral intention is useless if the knowledge necessary for implementing the behavior is missing [24]. A lack of knowledge is also an obstacle to developing compliant behavior regarding information security [17]. Users who do not know the rules for secure passwords will not be able to behave compliantly, even though they may want to. This is in line with Hänsch & Benenson’s view of the concept of ISA, in which the perspective behavior builds on knowledge of threats and of the protection against them. In most cases, the knowledge needed in the information security context also requires background knowledge about the technical functioning of information systems. Looking at the perspectives of Hänsch & Benenson shows that ISA requires factual knowledge (perspective perception) and conceptual knowledge (perspective protection). In many cases, procedural knowledge is also needed to fulfill the perspective protection (e.g., requesting a certificate for secure e-mail traffic). Conveying this rather technical knowledge can be complex, depending on the behavior and on the prior knowledge of the users.

How e-Learning Can Facilitate It: The acquisition and use of knowledge is the main objective of e-Learning [22]. It is therefore a suitable tool for strengthening the knowledge factor in the field of information security. In order to promote individual learning and to convey content that is really relevant for the user, the topics covered should be adapted to the user’s prior knowledge. A test, for example, is a suitable initial analysis. Approaches for the semi-automated generation of course content can be used for this purpose [10]. In the general content design of e-Learning, factual knowledge and conceptual knowledge should be promoted equally. Procedural knowledge can be practiced through interactive simulation. The digital nature of e-Learning makes it easy to simulate the digital environments relevant to information security, as users already have the system at their fingertips. In addition, interactive e-Learning activities help teach people how to apply methods in new situations [10]. Similarly, the cognitive process dimension should be considered. To build a person’s knowledge beyond the levels “remember” and “understand”, the other levels of the process dimension should also be promoted. Knowledge can be applied in subsequent tests or simulations, or analyzed by means of case studies. Evaluating what has been learned can be encouraged in discussion boards. The level “create”, however, is very difficult to implement in e-Learning [32].

3.2 Habit

A habit is a learned sequence of actions that has become an automatic response to specific triggers [33]. The more often a behavior is carried out, the more habitual it becomes [31]. With increasing habit, the influence of the behavioral intention on the performance of the behavior eventually decreases [31]. The less other factors influence the performance of a behavior, the less complex the whole process of building compliant behavior becomes.

How It Affects ISA: A habit can be used to strengthen the execution of information security compliant behavior. Studies show that habit influences the compliance of employees with information security policies [25]. Habit is built by the repetition of a behavior and, in turn, a habit also positively influences the performance of that behavior. Locking the computer when leaving the workplace is an example of a frequently performed activity. After doing it a few times, employees will unconsciously lock their computer as soon as they leave their chair, without thinking about it; the behavior has become a habit. However, there are also behaviors that are performed less frequently, such as reporting a security incident. Such behaviors rarely become a habit. If employees notice an incident, they will probably first have to think about how to behave in this situation.

How e-Learning Can Facilitate It: Before content is created for e-Learning, it should first be checked for each type of behavior whether the habit can be strengthened at all. If a behavior requires a lot of attention, such as the detection of phishing e-mails, or if, as mentioned above, the behavior is performed rather rarely, there is only limited scope for increasing habit. In order to habituate a suitable behavior, it must be rehearsed repeatedly. According to [10], e-Learning is actually less suited to practicing psychomotor skills. However, because of the special characteristics of the digital domain, the computer is nevertheless a suitable medium here, since the behavior to be practiced takes place on the very system the learner is using. Habitual behaviors on computers, such as locking the screen, are rather simple tasks. E-Learning must ensure that the behavior is repeated on a regular basis and linked to the necessary triggers (for example, getting up from the workplace triggers locking the screen). In the classification of [30], achieving habitual responses corresponds to the level “mechanism”.

3.3 Salience

Something is considered salient when it stands out from its immediate environment [6]. A behavior must be so prominent and important for a person that they translate their behavioral intention into action. Especially when a long period of time has elapsed since the intention was formed, salience becomes even more important, so that the person remembers the behavior when it matters [24].

How It Affects ISA: Assume, for example, that employees have already been persuaded not to use any external USB drives on company computers. The situation may not arise until three months later, when a supplier’s representative hands them a USB drive. Now the employees must still remember the correct behavior of not using the USB drive; the behavior must be salient for them. Methods from social marketing, such as posters or flyers, are a suitable means of increasing the salience of an information security compliant behavior [4, 27].

How e-Learning Can Facilitate It: E-Learning can be used to support social marketing campaigns. When users complete e-Learning, they are already devoting their attention to the content. For example, humorous videos could help anchor proper behavior in memory. However, the content of the e-Learning should be coordinated with the marketing campaign as a whole.

3.4 Intention

Behavioral intention, or motivation, precedes the actual behavior and ultimately influences its execution. By forming such an intention, a person commits to a certain action goal. This commitment can weaken if a long period of time passes between forming the intention and performing the behavior [28]. This means that after a campaign in which a behavioral intention has been formed, employees also need the opportunity to apply the desired behavior in their working environment as soon as possible. Behavioral intention is very complex and is made up of three constructs: a person’s attitude, perceived norm, and personal agency.

How It Affects ISA: Intention is an important construct with regard to ISA and, in contrast to the other factors, is strongly shaped by a person’s affect. The attitude results from the experiential attitude (“What have I experienced while performing the behavior in the past?”), which is influenced by feelings, and the instrumental attitude (“What are the consequences of performing the behavior?”), which is shaped by beliefs about the effects of the behavior. For example, if a person assesses their own behavior as irrelevant (“Nobody cares about what I have on my computer.”), they will also have a rather negative attitude towards the behavior. The perceived norm is likewise subdivided into two areas: the injunctive norm (the person’s beliefs about what behavior their social environment expects of them) and the descriptive norm (the person’s beliefs about how that environment itself behaves). If managers expect their staff to lock the screen when leaving the workplace but do not follow the rule themselves, the employees’ injunctive and descriptive norms will diverge. Personal agency is formed by perceived control (“Is performing the behavior easy or difficult under the circumstances?”) and self-efficacy (“Do I trust my abilities to perform the behavior?”). These, too, arise from a person’s beliefs.

How e-Learning Can Facilitate It: To influence a person’s intention to behave in compliance with information security, an e-Learning course should address the person’s feelings and beliefs [24]. Beliefs can be influenced in their strength, that is, strengthened or weakened depending on the desired behavior, or changed altogether [1]. Beliefs may change, for example, when contradictory information is presented to the person holding them [15]. When a person is told how much important data is on their computer, or how an attacker can use that computer to reach other systems in the organization, their belief that their careless behavior makes no difference is challenged. Interactive multimedia such as e-Learning is generally considered useful in the affective domain [20]. By taking part in e-Learning at all, the user has already reached the first level of the affective domain of Bloom’s Taxonomy, “receiving”. E-Learning can be used to promote reaching the other levels. Active participation in an e-Learning course and the use of synchronous components, such as discussions initiated in live chats, encourage the second level, “responding”; at the same time, the perceived norm is influenced. The subsequent levels are more difficult to influence [9] and can be reached, for example, through moderated discussions, although this should be more feasible in a discussion in which the participants are present in person. [23] found that e-Learning can produce both positive and negative consequences in the affective domain. Negative consequences may arise from failing technology, too little emotional support, or simply the difficulty of self-regulated learning. If a participant is frustrated by failing the e-Learning, they might associate that negative emotion with the behavior itself. It is therefore also important for participants to have synchronous or asynchronous contact with a real person while completing an e-Learning course. This can alleviate the negative consequences and at the same time encourage the participants to strengthen their personal agency.

4 Discussion

In the preceding analysis, e-Learning was generally identified as a suitable tool for ISA campaigns. E-Learning was designed for conveying knowledge and consequently has its clear strengths in this regard. Factual, conceptual, and procedural knowledge in particular can be taught via e-Learning. However, due to its digital nature and the isolated learning environment, it is difficult to reach all levels of Bloom’s Taxonomy. E-Learning is a suitable training tool for building habits for digital behaviors; however, it should first be examined whether a specific behavior is suited to becoming a habit at all. In the area of salience, e-Learning cannot replace social marketing measures, but it can certainly support them. In the area of forming an intention, e-Learning can also help influence affective factors, such as emotions and beliefs about a behavior. A large part of the success, however, depends on the quality of the synchronous and asynchronous discussion options. If discussion or support is insufficient, e-Learning can also have negative effects [23]. Consequently, in order to reach the higher levels of a person’s affective domain, e-Learning cannot adequately replace face-to-face events.

It should be noted that an analysis of a person’s individual situation is a basic requirement for designing a targeted ISA e-Learning course. The purpose of such an analysis is to identify which information security behaviors are relevant content to present in the e-Learning. For example, if a user is already well versed in password security, they may not need to attend an e-Learning on that topic. The analysis also captures the attitudes a user holds regarding these behaviors [27].

For the initiator, organizing e-Learning offers some advantages. E-Learning scales well and allows many people to attend a course at the same time. In addition, an e-Learning course involves less organizational effort than classroom sessions: for example, no rooms need to be reserved and no appointments arranged. For the users themselves, e-Learning has the big advantage that they can organize their time freely. However, this can become a disadvantage if users are unable to motivate themselves for self-directed learning.

This paper examines the suitability of e-Learning from a purely exploratory point of view, using common learning theories. Only the basic suitability can be examined in this way and hypotheses generated, which should be evaluated quantitatively as a next step. Based on quantitative results, concrete recommendations for the design of an e-Learning for security awareness can then be given. To enable such quantitative evaluation, however, further research is needed on measuring the success and effectiveness of e-Learning in particular and of information security awareness in general.