Skip to main content

2025 | OriginalPaper | Buchkapitel

A Framework for Matching Distinct Personality Types with Information Security Awareness Methods

verfasst von : Veronika Jashari, Satu Björn, Ella Kolkowska, Shang Gao

Erschienen in: Human Aspects of Information Security and Assurance

Verlag: Springer Nature Switzerland

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config
loading …

Abstract

The objective of this study is to develop a framework to associate learning styles and social influencing vulnerabilities with different personality types in the context of tailoring Information Security Awareness (ISA) methods for people with different personality types. Directed content analysis is carried out to develop the framework. The analysis is conducted in the following two parts: a). Describe and identify keywords for the DISC (Dominance (D), Inducement (I), Submission (S) and Compliance (C)) personality types, Kolb’s learning styles and Cialdini’s social influencing principles; b). Identify the relationships between Personality types, Learning styles, and Social influencing vulnerabilities and create the PLS (i.e., Personality types, Learning styles, and Social influencing vulnerabilities) framework. As a result, four relationships are identified for each distinct personality type in the PLS framework. This study contributes to building a sound theoretical ground for tailoring ISA methods for people with different personality types . In addition, the derived keywords are helpful to capture a good understanding of the different dimensions of the selected theories. Furthermore, the developed PLS framework can be used as a base for managers to employ ISA methods for people with different personality types in organizations.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

Literatur
1.
Zurück zum Zitat Kritzinger, E., Smith, E.: Information security management: an information security retrieval and awareness model for industry. Comput. Secur. 27(5–6), 224–231 (2008)CrossRef Kritzinger, E., Smith, E.: Information security management: an information security retrieval and awareness model for industry. Comput. Secur. 27(5–6), 224–231 (2008)CrossRef
2.
Zurück zum Zitat Mouton, F., Leenen, L., Venter, H.S.: Social engineering attack examples, templates and scenarios. Comput. Secur. 59, 186–209 (2016)CrossRef Mouton, F., Leenen, L., Venter, H.S.: Social engineering attack examples, templates and scenarios. Comput. Secur. 59, 186–209 (2016)CrossRef
3.
Zurück zum Zitat Stahl, B.C., Doherty, N.F., Shaw, M.: Information security policies in the UK healthcare sector: a critical evaluation. Inf. Syst. J. 22(1), 77–94 (2012)CrossRef Stahl, B.C., Doherty, N.F., Shaw, M.: Information security policies in the UK healthcare sector: a critical evaluation. Inf. Syst. J. 22(1), 77–94 (2012)CrossRef
4.
Zurück zum Zitat Khatib, R., Barki, H.: An activity theory approach to information security non-compliance. Information & Computer Sec. 28(4), 485–501 (2020)CrossRef Khatib, R., Barki, H.: An activity theory approach to information security non-compliance. Information & Computer Sec. 28(4), 485–501 (2020)CrossRef
5.
Zurück zum Zitat Parsons, K., McCormac, A., Butavicius, M., et al.: Determining employee awareness using the human aspects of information security questionnaire (HAIS-Q). Comput. Secur. 42, 165–176 (2014)CrossRef Parsons, K., McCormac, A., Butavicius, M., et al.: Determining employee awareness using the human aspects of information security questionnaire (HAIS-Q). Comput. Secur. 42, 165–176 (2014)CrossRef
6.
Zurück zum Zitat Soomro, Z.A., Shah, M.H., Ahmed, J.: Information security management needs more holistic approach: a literature review. Int. J. Inf. Manage. 36(2), 215–225 (2016)CrossRef Soomro, Z.A., Shah, M.H., Ahmed, J.: Information security management needs more holistic approach: a literature review. Int. J. Inf. Manage. 36(2), 215–225 (2016)CrossRef
7.
Zurück zum Zitat Tsohou, A., Kokolakis, S., Karyda, M., Kiountouzis, E.: Investigating information security awareness: research and practice gaps. Information Security J.: A Global Perspective 17(5–6), 207–227 (2008) Tsohou, A., Kokolakis, S., Karyda, M., Kiountouzis, E.: Investigating information security awareness: research and practice gaps. Information Security J.: A Global Perspective 17(5–6), 207–227 (2008)
8.
Zurück zum Zitat Kruger, H.A., Kearney, W.D.: A prototype for assessing information security awareness. Comput. Secur. 25(4), 289–296 (2006)CrossRef Kruger, H.A., Kearney, W.D.: A prototype for assessing information security awareness. Comput. Secur. 25(4), 289–296 (2006)CrossRef
9.
Zurück zum Zitat Aldawood, H., Skinner, G.: Reviewing cyber security social engineering training and awareness programs—pitfalls and ongoing issues. Future Internet 11(3), 73 (2019)CrossRef Aldawood, H., Skinner, G.: Reviewing cyber security social engineering training and awareness programs—pitfalls and ongoing issues. Future Internet 11(3), 73 (2019)CrossRef
10.
Zurück zum Zitat Schutz, A.: Collected papers. M. Nijhoff, Hingham, MA (1982) Schutz, A.: Collected papers. M. Nijhoff, Hingham, MA (1982)
11.
Zurück zum Zitat Khando, K., Gao, S., Islam, S.M., Salman, A.: Enhancing employees information security awareness in private and public organisations: a systematic literature review. Comput. Secur. 106, 102267 (2021)CrossRef Khando, K., Gao, S., Islam, S.M., Salman, A.: Enhancing employees information security awareness in private and public organisations: a systematic literature review. Comput. Secur. 106, 102267 (2021)CrossRef
12.
Zurück zum Zitat Hu, S., Hsu, C., Zhou, Z.: Security education, training, and awareness programs: literature review. J. Computer Information Syst. 62(4), 752–764 (2022)CrossRef Hu, S., Hsu, C., Zhou, Z.: Security education, training, and awareness programs: literature review. J. Computer Information Syst. 62(4), 752–764 (2022)CrossRef
13.
Zurück zum Zitat Aharony, N., Bouhnik, D., Reich, N.: Readiness for information security of teachers as a function of their personality traits and their assessment of threats. Aslib J. Information Management (2020) Aharony, N., Bouhnik, D., Reich, N.: Readiness for information security of teachers as a function of their personality traits and their assessment of threats. Aslib J. Information Management (2020)
14.
Zurück zum Zitat Flowerday, S., Van der Schyff, K.: Social media surveillance: a personality-driven behaviour model. J. Economic and Financial Sci. 12(1), 1–9 (2019) Flowerday, S., Van der Schyff, K.: Social media surveillance: a personality-driven behaviour model. J. Economic and Financial Sci. 12(1), 1–9 (2019)
15.
Zurück zum Zitat Hadlington, L., Popovac, M., Janicke, H., et al.: Exploring the role of work identity and work locus of control in information security awareness. Comput. Secur. 81, 41–48 (2019)CrossRef Hadlington, L., Popovac, M., Janicke, H., et al.: Exploring the role of work identity and work locus of control in information security awareness. Comput. Secur. 81, 41–48 (2019)CrossRef
16.
Zurück zum Zitat Alkış, N., Temizel, T.T.: The impact of individual differences on influence strategies. Personality Individ. Differ. 87, 147–152 (2015)CrossRef Alkış, N., Temizel, T.T.: The impact of individual differences on influence strategies. Personality Individ. Differ. 87, 147–152 (2015)CrossRef
17.
Zurück zum Zitat Pattinson, M., Butavicius, M., Lillie, M., et al.: Matching training to individual learning styles improves information security awareness. Information & Computer Security 28(1), 1–14 (2020)CrossRef Pattinson, M., Butavicius, M., Lillie, M., et al.: Matching training to individual learning styles improves information security awareness. Information & Computer Security 28(1), 1–14 (2020)CrossRef
18.
Zurück zum Zitat Haeussinger, F., Kranz, J.: Antecedents of employees’information security awareness-review, synthesis, and directions for future research. In: the 25th European Conference on Information Systems (ECIS2017) (2017) Haeussinger, F., Kranz, J.: Antecedents of employees’information security awareness-review, synthesis, and directions for future research. In: the 25th European Conference on Information Systems (ECIS2017) (2017)
19.
Zurück zum Zitat Micallef, N., Arachchilage, N.A.G.: Changing users’ security behaviour towards security questions: a game based learning approach. In: 2017 Military Communications and Information Systems Conference (MilCIS), pp. 1–6. IEEE (2017) Micallef, N., Arachchilage, N.A.G.: Changing users’ security behaviour towards security questions: a game based learning approach. In: 2017 Military Communications and Information Systems Conference (MilCIS), pp. 1–6. IEEE (2017)
20.
Zurück zum Zitat Reinheimer, B., Aldag, L., Mayer, P., et al.: An investigation of phishing awareness and education over time: when and how to best remind users. In: Sixteenth Symposium on Usable Privacy and Security (SOUPS 2020), pp. 259–284 (2020) Reinheimer, B., Aldag, L., Mayer, P., et al.: An investigation of phishing awareness and education over time: when and how to best remind users. In: Sixteenth Symposium on Usable Privacy and Security (SOUPS 2020), pp. 259–284 (2020)
21.
Zurück zum Zitat Tsohou, A., Karyda, M., Kokolakis, S.: Analyzing the role of cognitive and cultural biases in the internalization of information security policies: recommendations for information security awareness programs. Comput. Secur. 52, 128–141 (2015)CrossRef Tsohou, A., Karyda, M., Kokolakis, S.: Analyzing the role of cognitive and cultural biases in the internalization of information security policies: recommendations for information security awareness programs. Comput. Secur. 52, 128–141 (2015)CrossRef
22.
Zurück zum Zitat Tse, W.D., Hui, M., Lam, S., et al.: Education in IT security: a case study in banking industry. GSTF Journal on Computing (JoC). 3(3), 1–10 (2013) Tse, W.D., Hui, M., Lam, S., et al.: Education in IT security: a case study in banking industry. GSTF Journal on Computing (JoC). 3(3), 1–10 (2013)
23.
Zurück zum Zitat Caldwell, T.: Making security awareness training work. Computer Fraud & Security. 2016(6), 8–14 (2016)CrossRef Caldwell, T.: Making security awareness training work. Computer Fraud & Security. 2016(6), 8–14 (2016)CrossRef
24.
Zurück zum Zitat Bauer, S., Bernroider, E.W., Chudzikowski, K.: Prevention is better than cure! Designing information security awareness programs to overcome users’ non-compliance with information security policies in banks. Computers & Security 68, 145–159 (2017) Bauer, S., Bernroider, E.W., Chudzikowski, K.: Prevention is better than cure! Designing information security awareness programs to overcome users’ non-compliance with information security policies in banks. Computers & Security 68, 145–159 (2017)
25.
Zurück zum Zitat Hart, S., Margheri, A., Paci, F., Sassone, V.: Riskio: a serious game for cyber security awareness and education. Comput. Secur. 95, 101827 (2020)CrossRef Hart, S., Margheri, A., Paci, F., Sassone, V.: Riskio: a serious game for cyber security awareness and education. Comput. Secur. 95, 101827 (2020)CrossRef
26.
Zurück zum Zitat Abawajy, J.: User preference of cyber security awareness delivery methods. Behaviour & Information Technol. 33(3), 237–248 (2014)MathSciNetCrossRef Abawajy, J.: User preference of cyber security awareness delivery methods. Behaviour & Information Technol. 33(3), 237–248 (2014)MathSciNetCrossRef
27.
Zurück zum Zitat Wiley, A., McCormac, A., Calic, D.: More than the individual: examining the relationship between culture and information security awareness. Comput. Secur. 88, 101640 (2020)CrossRef Wiley, A., McCormac, A., Calic, D.: More than the individual: examining the relationship between culture and information security awareness. Comput. Secur. 88, 101640 (2020)CrossRef
28.
Zurück zum Zitat Kajzer, M., D’Arcy, J., Crowell, C.R., et al.: An exploratory investigation of message-person congruence in information security awareness campaigns. Comput. Secur. 43, 64–76 (2014)CrossRef Kajzer, M., D’Arcy, J., Crowell, C.R., et al.: An exploratory investigation of message-person congruence in information security awareness campaigns. Comput. Secur. 43, 64–76 (2014)CrossRef
29.
Zurück zum Zitat Pattinson, M., Butavicius, M., Parsons, K., et al.: Factors that influence information security behavior: an Australian web-based study. In: International Conference on Human Aspects of Information Security, Privacy, and Trust, pp. 231–241. Springer (2015). https://doi.org/10.1007/978-3-319-20376-8_21 Pattinson, M., Butavicius, M., Parsons, K., et al.: Factors that influence information security behavior: an Australian web-based study. In: International Conference on Human Aspects of Information Security, Privacy, and Trust, pp. 231–241. Springer (2015). https://​doi.​org/​10.​1007/​978-3-319-20376-8_​21
31.
Zurück zum Zitat Abraham, S., Chengalur-Smith, I.: Evaluating the effectiveness of learner controlled information security training. Comput. Secur. 87, 101586 (2019)CrossRef Abraham, S., Chengalur-Smith, I.: Evaluating the effectiveness of learner controlled information security training. Comput. Secur. 87, 101586 (2019)CrossRef
32.
Zurück zum Zitat Funder, D.C.: Explaining traits. Psychological Inquiry 5(2), 125127 (1994) Funder, D.C.: Explaining traits. Psychological Inquiry 5(2), 125127 (1994)
33.
Zurück zum Zitat Marston, W.M.: Emotions of Normal People, Kegan Paul Trench Trubner and Company Limited, New York, NY (1928) Marston, W.M.: Emotions of Normal People, Kegan Paul Trench Trubner and Company Limited, New York, NY (1928)
34.
Zurück zum Zitat Alshehri, K.A., Alshamrani, H., Alharbi, A., et al.: The relationship between personality type and the academic achievement of medical students in a Saudi medical school. International J. Community Medicine And Public Health. 5(8), 3205–3211 (2018)CrossRef Alshehri, K.A., Alshamrani, H., Alharbi, A., et al.: The relationship between personality type and the academic achievement of medical students in a Saudi medical school. International J. Community Medicine And Public Health. 5(8), 3205–3211 (2018)CrossRef
35.
Zurück zum Zitat Agung, A.A.G., Yuniar, I.: Personality assessment website using DISC: a case study in information technology school. In: 2016 International Conference on Information Management and Technology (ICIMTech), pp. 72–77. IEEE (2016) Agung, A.A.G., Yuniar, I.: Personality assessment website using DISC: a case study in information technology school. In: 2016 International Conference on Information Management and Technology (ICIMTech), pp. 72–77. IEEE (2016)
36.
Zurück zum Zitat Puccio, G., Grivas, C.: Examining the relationship between personality traits and creativity styles. Creativity and Innov. Manage. 18(4), 247–255 (2009)CrossRef Puccio, G., Grivas, C.: Examining the relationship between personality traits and creativity styles. Creativity and Innov. Manage. 18(4), 247–255 (2009)CrossRef
37.
Zurück zum Zitat Busato, V.V., Prins, F.J., Elshout, J.J., Hamaker, C.: The relation between learning styles, the Big Five personality traits and achievement motivation in higher education. Personality Individ. Differ. 26(1), 129–140 (1998)CrossRef Busato, V.V., Prins, F.J., Elshout, J.J., Hamaker, C.: The relation between learning styles, the Big Five personality traits and achievement motivation in higher education. Personality Individ. Differ. 26(1), 129–140 (1998)CrossRef
38.
Zurück zum Zitat Felder, R.M.: Matters of style. ASEE Prism 6(4), 1823 (1996) Felder, R.M.: Matters of style. ASEE Prism 6(4), 1823 (1996)
39.
Zurück zum Zitat Gardner, H.: Multiple Intelligences: The Theory in Practice. Basic books (1993) Gardner, H.: Multiple Intelligences: The Theory in Practice. Basic books (1993)
40.
Zurück zum Zitat Fleming, N.D.: Teaching and Learning Styles: VARK Strategies. IGI global (2011) Fleming, N.D.: Teaching and Learning Styles: VARK Strategies. IGI global (2011)
41.
Zurück zum Zitat Kolb, D.A.: Experiential Learning: Experience as the Source of Learning and Development. FT press (2014) Kolb, D.A.: Experiential Learning: Experience as the Source of Learning and Development. FT press (2014)
42.
Zurück zum Zitat Hatzivasilis, G., Ioannidis, S., Smyrlis, M., et al.: Modern aspects of cyber-security training and continuous adaptation of programmes to trainees. Appl. Sci. 10(16), 5702 (2020)CrossRef Hatzivasilis, G., Ioannidis, S., Smyrlis, M., et al.: Modern aspects of cyber-security training and continuous adaptation of programmes to trainees. Appl. Sci. 10(16), 5702 (2020)CrossRef
43.
Zurück zum Zitat Konak, A.: Experiential learning builds cybersecurity self-efficacy in K-12 students. J. Cybersecurity Education, Research and Practice 2018(1), 6 (2018)MathSciNetCrossRef Konak, A.: Experiential learning builds cybersecurity self-efficacy in K-12 students. J. Cybersecurity Education, Research and Practice 2018(1), 6 (2018)MathSciNetCrossRef
44.
Zurück zum Zitat Parsons, K., Butavicius, M., Delfabbro, P., Lillie, M.: Predicting susceptibility to social influence in phishing emails. Int. J. Hum. Comput. Stud. 128, 17–26 (2019)CrossRef Parsons, K., Butavicius, M., Delfabbro, P., Lillie, M.: Predicting susceptibility to social influence in phishing emails. Int. J. Hum. Comput. Stud. 128, 17–26 (2019)CrossRef
45.
Zurück zum Zitat Cialdini, R.B.: Influence: The Psychology of Persuasion. HarperCollins e-books (2009) Cialdini, R.B.: Influence: The Psychology of Persuasion. HarperCollins e-books (2009)
46.
Zurück zum Zitat Cialdini, R.B., Trost, M.R.: Social Influence: Social Norms, Conformity and Compliance (1998) Cialdini, R.B., Trost, M.R.: Social Influence: Social Norms, Conformity and Compliance (1998)
47.
Zurück zum Zitat Wright, R.T., Jensen, M.L., Thatcher, J.B., et al.: Research note—influence techniques in phishing attacks: an examination of vulnerability and resistance. Inf. Syst. Res. 25(2), 385–400 (2014)CrossRef Wright, R.T., Jensen, M.L., Thatcher, J.B., et al.: Research note—influence techniques in phishing attacks: an examination of vulnerability and resistance. Inf. Syst. Res. 25(2), 385–400 (2014)CrossRef
48.
Zurück zum Zitat Hsieh, H.-F., Shannon, S.E.: Three approaches to qualitative content analysis. Qual. Health Res. 15(9), 1277–1288 (2005)CrossRef Hsieh, H.-F., Shannon, S.E.: Three approaches to qualitative content analysis. Qual. Health Res. 15(9), 1277–1288 (2005)CrossRef
49.
Zurück zum Zitat Kolb, A.Y., Kolb, D.A.: The Kolb Learning Style Inventory-Version 3.1 2005 Technical Specifications. Hay Resource Direct, Boston, MA 200(72), 166–171 (2005) Kolb, A.Y., Kolb, D.A.: The Kolb Learning Style Inventory-Version 3.1 2005 Technical Specifications. Hay Resource Direct, Boston, MA 200(72), 166–171 (2005)
50.
Zurück zum Zitat Jones, C.S., Hartley, N.T.: Comparing correlations between four-quadrant and five-factor personality assessments. Am. J. Bus. Educ. 6(4), 459–470 (2013) Jones, C.S., Hartley, N.T.: Comparing correlations between four-quadrant and five-factor personality assessments. Am. J. Bus. Educ. 6(4), 459–470 (2013)
51.
Zurück zum Zitat Angood, P.B.: Uncertainty, ambiguity and DiSC: a contrast. Physician Leadership J. 4(4), 6–8 (2017) Angood, P.B.: Uncertainty, ambiguity and DiSC: a contrast. Physician Leadership J. 4(4), 6–8 (2017)
52.
Zurück zum Zitat Beamish, G.: How chief executives learn and what behaviour factors distinguish them from other people. Ind. Commer. Train. 37(3), 138–144 (2005)CrossRef Beamish, G.: How chief executives learn and what behaviour factors distinguish them from other people. Ind. Commer. Train. 37(3), 138–144 (2005)CrossRef
53.
Zurück zum Zitat Workman, M.: Wisecrackers: A theory-grounded investigation of phishing and pretext social engineering threats to information security. J. Am. Soc. Inform. Sci. Technol. 59(4), 662–674 (2008)CrossRef Workman, M.: Wisecrackers: A theory-grounded investigation of phishing and pretext social engineering threats to information security. J. Am. Soc. Inform. Sci. Technol. 59(4), 662–674 (2008)CrossRef
Metadaten
Titel
A Framework for Matching Distinct Personality Types with Information Security Awareness Methods
verfasst von
Veronika Jashari
Satu Björn
Ella Kolkowska
Shang Gao
Copyright-Jahr
2025
DOI
https://doi.org/10.1007/978-3-031-72563-0_7