An exploratory investigation of message-person congruence in information security awareness campaigns

In this study, we sought to answer the question of whether certain information security awareness message themes are more or less effective for different types of individuals based on their personality traits. We considered five message themes (deterrence, morality, regret, feedback, and incentive)...

Full description

Saved in:
Bibliographic Details
Published in:Computers & security 2014-06, Vol.43, p.64-76
Main Authors: Kajzer, Mitchell, D'Arcy, John, Crowell, Charles R., Striegel, Aaron, Van Bruggen, Dirk
Format: Article
Language:English
Subjects:
Advertising campaigns
Applied sciences
Backfire
Biological and medical sciences
Computer information security
Computer science
control theory
systems
Congruences
Data integrity
Effectiveness studies
Exact sciences and technology
Feedback
Fundamental and applied biological sciences. Psychology
Incentives
Information security awareness
Memory and file management (including protection and security)
Memory organisation. Data processing
Message framing
Message-person congruence
Messages
Morality
Personality
Personality traits
Personality. Affectivity
Psychology. Psychoanalysis. Psychiatry
Psychology. Psychophysiology
Security management
Social interactions. Communication. Group processes
Social psychology
Software
Survey research
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:In this study, we sought to answer the question of whether certain information security awareness message themes are more or less effective for different types of individuals based on their personality traits. We considered five message themes (deterrence, morality, regret, feedback, and incentive) as they relate to seven personality traits (the Big Five, Machiavellianism, and social desirability). Our survey analysis of 293 users provides evidence that security awareness message effectiveness does vary based on personality, but not always as one would expect. Depending on certain personality traits, some security messages appear beneficial to security efforts, whereas other personality traits make the individual less receptive to certain message types and therefore security messages may backfire in terms of achieving their intended effect. Our exploratory results can assist practitioners in identifying a best fit between security awareness themes and individual users based on their personality profile.
ISSN:0167-4048
1872-6208
DOI:10.1016/j.cose.2014.03.003