Persuasive Technology for Improving Information Security Awareness and Behavior: Literature Review

Bawazir, Mohammed A.; Mahmud, Murni; Molok, Nurul Nuha Abdul; Ibrahim, Jamaludin

doi:10.1109/ict4m.2016.054

Cited by 8 publications

(4 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…FBM is useful in persuasive design (Fogg, 2009). FBM has been used in the cybersecurity domain as well (Jordan et al , 2014; Bawazir et al , 2016; Liljestrand et al , 2019; Parkin et al , 2019; Shah and Agarwal, 2020a, 2020b). FBM posits that three elements, namely, motivation, ability and prompt, should be present simultaneously for behaviour to occur.…”

Section: Theoretical Frameworkmentioning

confidence: 99%

Cyber Suraksha: a card game for smartphone security awareness

Shah

Agarwal

2023

ICS

View full text Add to dashboard Cite

Purpose The frequency and sophistication of cybercrimes are increasing. These cybercrimes are impacting government and private organizations as well as individuals. One of the countermeasures is to improve the cyber hygiene of the end-users. Serious games or game-based learning has emerged as a promising approach for implementing security education, training and awareness program. In this paper, the researchers propose a tabletop card game called Cyber Suraksha to increase threat awareness and motivate users to adopt recommended security controls for smartphone users. Cyber Suraksha provides an active learning environment for the players. This paper aims to provide the details of the design and evaluation of the game using a between-subjects design. Design/methodology/approach The researchers have used constructive learning theory and the Fogg behaviour model (FBM) to design a tabletop card game called Cyber Suraksha. The researchers evaluated the game using a between-subjects design. The participants' responses in the control and intervention groups were collected using the risk behaviour diagnosis scale. Pearson’s Chi-Square test with a 5% significance level was used to test the hypotheses. Findings The results indicate that the game is enjoyable and fun. Cyber Suraksha game effectively motivates users to adopt the recommended security control for the targeted behaviour. The results indicate that the participants in the intervention group are 2.65 times more likely to adopt recommended behaviour. The findings of this study provide evidence for the effectiveness of hope and fear appeals in improving cybersecurity awareness. Research limitations/implications The generalizability of the study is limited because the sample size is small compared to the total number of smartphone users in India, and only students from computer/IT UG programs in India are used as participants in this study. Practical implications This study uses hope and a fear appeal to design an effective serious game. It also demonstrates using the FBM and constructive learning principles for effective serious game design. Cyber Suraksha is effective for the student group and may be tested with other age groups. Originality/value To the researchers' knowledge, there are no serious games for cybersecurity awareness focusing on the threats faced by smartphone users based on FBM and constructive learning theory. This research used hope along with a fear appeal to motivate smartphone users to adopt recommended security controls.

show abstract

Section: Theoretical Frameworkmentioning

confidence: 99%

Cyber Suraksha: a card game for smartphone security awareness

Shah

Agarwal

2023

ICS

View full text Add to dashboard Cite

show abstract

“…In consequence, not having this multidisciplinary knowledge makes the fight of companies against risks, vulnerabilities, and threats more difficult. Also, it should not be forgotten that, with the growing popularity of the Internet and its services, there is an increase in information security threats, such as social engineering, malware, and hacking, of which some users may not be aware [10]. Additionally, while many different security methods, such as intrusion detection systems and antivirus software, are used to protect IT systems from different attacks, the information security threat landscape continues to rapidly evolve and attackers are putting more effort into developing sophisticated and advanced malware and hacking methods [11].…”

Section: Introductionmentioning

confidence: 99%

Information Security in the Banking Sector: A Systematic Literature Review on Current Trends, Issues, and Challenges

Ubaldo¹,

Barreto²,

Albines³

et al. 2023

IJSSE

View full text Add to dashboard Cite

In recent years, information security has become a very important aspect, since it creates serious trouble for organizations that do not take it into consideration. In this regard, it was detected that many entities in the banking sector experience multiple problems that are mainly related to the way in which they protect their data, so it is necessary to pay close attention to this issue. For this reason, in this investigation it was decided to carry out a systematic review of the literature, obtaining 2,787 articles through searches in electronic databases. Likewise, the PRISMA method was used, which allowed the identification of 15 relevant articles to form the synthesis of the investigation. In the same way, a bibliometric analysis was carried out, which allowed knowing the gaps in knowledge. Finally, in the conclusions emphasis is placed on several aspects; for example, it is highlighted that cybercriminals constantly attack the banking sector and it is mentioned that all the research questions posed were successfully answered.

show abstract

“…It has been applied in many fields, including marketing, health, environmental, education and other areas and has been very successful in changing people's attitudes and behaviours (Bawazir, Mahmud, Abdul Molok, & Ibrahim, 2016;Preece, 2010). Accordingly, based on the principles of persuasive technology, a system designed to promote end-user's positive awareness of information security to help them create the recommended informed security actions and enhance safe working practices can be a subjective norm to establish long-term sustainability of end-users' ISA security best practices (Bawazir et al, 2016).…”

Section: Introductionmentioning

confidence: 99%

The Effects of Persuasive Technology for Influencing End-Users’ Information Security Awareness

Bawazir,

Mahmud,

Abdul Molok

et al. 2022

JISDT

View full text Add to dashboard Cite

In today’s digital world, information assets have grown in importance, demanding measures to ensure their protection. Ubiquitously, end-users are having trouble ensuring the security of their personal information. The human factor is a major source of vulnerability in the field of information security. Traditional techniques that can be used to influence information security awareness (ISA) remain prohibitively expensive, time-consuming, and repetitive. In light of these challenges, this study proposes persuasive technology to influence end-users security awareness and behaviour intention. Based on our research, persuasive technology is effective in changing end-users attitudes and behaviours. In this context, this study assesses the effectiveness of persuasive technology use for influencing end-users’ ISA. In addition, this research establishes an integrated model for improving end-users’ ISA by incorporating relevant literature and multiple empirically verified theories, including Fogg Behaviour Model (FBM), Protection Motivation Theory (PMT), Theory of Planned Behaviour (TPB), and Technology Acceptance Model (TAM). The integrated model has been proposed based on the main categories of FBM (motivation, ability, and trigger) to identify the effects of key factors in the persuasive technology context for influencing end-user ISA and behaviour intention. The prototype was developed by implementing the persuasive factors of the proposed model to measure the effectiveness of persuasive technology. Quantitative data from an experiment were gathered from 100 participants to validate the proposed research model using the paired sample T-test and partial least squares (PLS) to assess security awareness in the context of persuasive technology. The research findings show that using persuasive technology has a positive influence on ISA. The results also indicate the research model significantly predicts the key factors affecting security awareness and behaviour intention with respect to persuasive technology. Thus, this study suggests a model for the creation and development of a proactive and customised security awareness system. Therefore, persuasive technology, in general, has a positive effect on users’ security awareness and the intention of security behaviour

show abstract

Persuasive Technology for Improving Information Security Awareness and Behavior: Literature Review

Cited by 8 publications

References 18 publications

Cyber Suraksha: a card game for smartphone security awareness

Cyber Suraksha: a card game for smartphone security awareness

Information Security in the Banking Sector: A Systematic Literature Review on Current Trends, Issues, and Challenges

The Effects of Persuasive Technology for Influencing End-Users’ Information Security Awareness

Contact Info

Product

Resources

About