To read the full version of this content please select one of the options below:

The long‐term effects of information security e‐learning on organizational learning

Janne Hagen (Gjøvik University College, Gjøvik, Norway)
Eirik Albrechtsen (Department of Safety Research, SINTEF Technology and Society, Trondheim, Norway)
Stig Ole Johnsen (Department of Safety Research, SINTEF Technology and Society, Trondheim, Norway and Department of Computer and Information Science, Norwegian University of Science and Technology, Trondheim, Norway)

Information Management & Computer Security

ISSN: 0968-5227

Article publication date: 19 July 2011

Abstract

Purpose

The purpose of this paper is to measure and discuss the long‐term effects of an e‐learning tool aiming at improving the information security knowledge, awareness, and behaviour of employees.

Design/methodology/approach

The intervention study had two assessments of knowledge and attitudes among employees: one survey, one week before the intervention, and one survey eight months after the intervention. The population was divided into an intervention group and a control group, where the only separated the groups was participation in the intervention (i.e. the e‐learning tool).

Findings

The study documents that the effects of the intervention on security awareness and behavior partly remains more than half a year after the intervention, but that the detailed knowledge on information security issues diminished during the period. The study also discusses how such courseware can contribute to long‐term organizational learning compared with human interventions such as action research. Both human resource management and internal promotion are necessary input in the process to successfully educate and train employees in information security.

Research limitations/implications

One weakness of concern is the low response rate of 37 in the final analysis.

Practical implications

The study can document that short‐time effects of software supported information security awareness on employees' knowledge, behaviour, and awareness diminish over time. It is thus important to maintain and continually perform information security awareness. More interventions studies, following the same principles as presented in this paper, of other user‐directed measures is needed, to test and document the effects of different measures.

Originality/value

The paper is innovative in the area of information security research as it shows how an information security intervention can be measured.

Keywords

Citation

Hagen, J., Albrechtsen, E. and Ole Johnsen, S. (2011), "The long‐term effects of information security e‐learning on organizational learning", Information Management & Computer Security, Vol. 19 No. 3, pp. 140-154. https://doi.org/10.1108/09685221111153537

Publisher

:

Emerald Group Publishing Limited

Copyright © 2011, Emerald Group Publishing Limited