The Critical Success Factors for Security Education, Training and Awareness (SETA) Programme Effectiveness: A Lifecycle Model

Abstract

Security Education, Training, and Awareness (SETA) programmes are one of the most important cybersecurity strategies to protect the valuable assets of any organisation, raise awareness, change behaviour, comply with Information Systems (IS) security policy, and minimises IS security threats. The significance of SETA programmes is widely accepted by both academics and practitioners. However, more research is needed to improve SETA programme effectiveness in organisations. A review of the relevant IS/cyber security literature reveals a lack of research into the Critical Success Factors (CSFs) for SETA programme effectiveness. Therefore, this research study explores the CSFs for SETA programme effectiveness.

A multi-stage research design is adopted for this research study. Stage One involves the gathering and analysis of lived experiences (using semi-structured interviews) from 20 key expert informants. Emerging from this stage are 11 CSFs for SETA programme effectiveness. These CSFs are mapped along the phases of the SETA programme lifecycle (design, development, implementation, evaluation). Furthermore, 9 relationships between these CFSs are identified (both within and across the lifecycle phases). This research output is a Lifecycle Model of CSFs for SETA programme effectiveness.

Stage Two of this research involves an evaluation of the importance of the 11 CSFs for SETA programme effectiveness (emerging from stage one). This evaluation is achieved through administering a short online survey questionnaire (completed by 65 respondents - IS/cyber security professionals) and a series of follow-up probing interviews (with 9 IS/cyber security professionals – 4 key informants for stage one, and 5 survey respondents for stage two). Emerging from this stage is a ranked list of CSFs and 5 guiding principles to overcome the challenges of delivering an effective SETA programme. This research output is an evaluated Lifecycle Model of CSFs for SETA programme effectiveness.

Overall, this research provides a depth of insight contributing to both theory and practice and lays the foundation for further research.