How E-Learning Can Facilitate Information Security Awareness

  • Andreas E. SchützEmail author
  • Tobias Fertig
  • Kristin Weber
  • Nicholas H. Müller
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11590)


Users of information systems are increasingly being attacked and exploited by cyber criminals. Information Security Awareness addresses how users can be convinced to behave compliantly to a company’s information security policies. This paper explores the potential of e-Learning as a tool to increase the information security awareness of users. The factors that ultimately lead to information security-compliant behavior are the factors knowledge, habit, salience, and behavioral intent. By looking at the peculiarities of e-Learning, the chances and limitations of influencing these factors are examined exploratory. The basis for this is Bloom’s Taxonomy from learning theory. The paper shows that e-Learning can help influencing knowledge and habit of a person. The salience and intention of a person, however, can only be influenced in combination with other factors. Especially with affective emotions and beliefs, e-Learning can also have negative effects. The paper also gives an outlook on how further quantitative research could help to ultimately shape effective e-Learning courses.


Information security awareness E-Learning platforms Learning Bloom’s Taxonomy 



Andreas E. Schütz was supported by the BayWISS Consortium Digitization.


  1. 1.
    Ajzen, I.: Behavioral interventions based on the theory of planned behavior: brief description of the theory of planned behavior (2006).
  2. 2.
    Allianz fuer Cybersicherheit: Awareness-Umfrage 2015. Technical report, Bonn, May 2016Google Scholar
  3. 3.
    Bada, M., Sasse, A.M., Nurse, J.R.: Cyber Security Awareness Campaigns: Why do they fail to change behaviour? In: Global Cyber Security Capacity Centre: Draft Working Paper, pp. 131–188 (2014)Google Scholar
  4. 4.
    Baranowski, T., Cullen, K.W., Nicklas, T., Thompson, D., Baranowski, J.: Are current health behavioral change models helpful in guiding prevention of weight gain efforts? Obesity 11(10), 23–43 (2003). Scholar
  5. 5.
    Bates, T.: Technology, E-Learning and Distance Education. RoutledgeFalmer Studies in Distance Education, 2nd edn. Routledge, London (2005)Google Scholar
  6. 6.
    Baumeister, R.F.F., Vohs, K.D.D.: Encyclopedia of Social Psychology. SAGE, Thousand Oaks (2007). Scholar
  7. 7.
    Bloom, B.S., Krathwohl, D.R.: Taxonomy of educational objectives; the classification of educational goals by a committee of college and university examiners. In: Handbook I: Cognitive Domain. Longmans, Green (1956)Google Scholar
  8. 8.
    Bonk, C.J., Graham, C.R. (eds.): The Handbook of Blended Learning: Global Perspectives. Local Designs. Pfeiffer Essential Resources for Training and HR Professionals, 1st edn. Pfeiffer, San Francisco (2006)Google Scholar
  9. 9.
    Boyd, B.L., Dooley, K.E., Felton, S.: Measuring learning in the affective domain using reflective writing about a virtual international agriculture experience. J. Agric. Educ. 47(3), 24–32 (2006). Scholar
  10. 10.
    Ghirardini, B., Food and Agriculture Organization of the United Nations, Germany, Bundesministerium für Ernährung, L.u.V.: E-learning methodologies: a guide for designing and developing e-learning courses. Food and Agriculture Organization of the United Nations, Rome (2011). oCLC: 805047485Google Scholar
  11. 11.
    Hänsch, N., Benenson, Z.: Specifying IT security awareness. In: 2014 25th International Workshop on Database and Expert Systems Applications, pp. 326–330, September 2014.
  12. 12.
    Hirshfield, L., et al.: The role of human operators’ suspicion in the detection of cyber attacks. Int. J. Cyber Warfare Terrorism 5(3), 28–44 (2015). Scholar
  13. 13.
    Hrastinski, S.: Asynchronous and synchronous e-learning. Educause Quarterley 31(4), 51–55 (2008)Google Scholar
  14. 14.
    ISACA: State of Cybersecurity 2017. Part 2: Current Trends in Threat Landscape. Technical report, ISACA, 3701 Algonquin Road, Suite 1010 Rolling Meadows, IL 60008 USA (2017).
  15. 15.
    Kabay, M.E., Robertson, B., Akella, M., Lang, D.T.: Using social psychology to implement security policies. In: Computer Security Handbook, pp. 50.1–50.25. Wiley (2012).
  16. 16.
    Kahiigi, E.K., Ekenberg, L., Tusubira, F.F., Danielson, M.: Exploring the e-learning state of the art. Electron. J. e-Learn. 6(2), 77–88 (2008)Google Scholar
  17. 17.
    Khan, B., Alghatbar, K.S., Nabi, S.I., Khan, M.: Effectiveness of information security awareness methods based on psychological theories. African J. Bus. Manage. 26(5), 10862–10868 (2011)Google Scholar
  18. 18.
    mmb Institut - Gesellschaft für Medien-und Kompetenzforschung mbH: Weiterbildung und Digitales Lernen heute und in drei Jahren: Erklärfilme als Umsatzbringer der Stunde Ergebnisse der 12. Trendstudie mmb Learning Delphi“. Technical report (2018)Google Scholar
  19. 19.
    Krathwohl, D.R.: A revision of bloom’s taxonomy: an overview. Theory Into Pract. 41(4), 212–218 (2002)CrossRefGoogle Scholar
  20. 20.
    McFarland, D.: Multimedia in higher education. Katharine Sharp Rev. 3(3) (1996)Google Scholar
  21. 21.
    Merete Hagen, J., Albrechtsen, E.: Effects on employees’ information security abilities by e-learning. Inf. Manag. Comput. Secur. 17(5), 388–407 (2009). Scholar
  22. 22.
    Meyen, E.L., Tangen, P., Lian, C.H.: Developing online instruction: partnership between instructors and technical developers. J. Special Educ. Technol. 14(1), 18–31 (1999). Scholar
  23. 23.
    Moneta, G.B., Kekkonen-Moneta, S.S.: Affective learning in online multimedia and lecture versions of an introductory computing course. Educ. Psychol. 27(1), 51–74 (2007)CrossRefGoogle Scholar
  24. 24.
    Montaño, D.E., Kasprzyk, D.: Theory of reasoned action, theory of planned behavior, and the integrated behavior model. In: Glanz, K., Barbara, K., Viswanath, K. (eds.) Health Behavior and Health Education, pp. 67–96. Wiley, Hoboken (2008)Google Scholar
  25. 25.
    Pahnila, S., Siponen, M., Mahmood, A.: Employees’ behavior towards is security policy compliance. In: 2007 40th Annual Hawaii International Conference on System Sciences (HICSS 2007), p. 156b, January 2007.
  26. 26.
    Reportlinker: Global E-Learning Market Outlook (2014–2022) (2015).
  27. 27.
    Schütz, A.E.: Information security awareness: it’s time to change minds! In: Proceedings of International Conference on Applied Informatics Imagination, Creativity, Design, Development - ICDD 2018. Sibiu, Romania (2018)Google Scholar
  28. 28.
    Schwarzer, R.: Psychologie des Gesundheitsverhaltens: Einführung in die Gesundheitspsychologie. Hogrefe, Göttingen, 3, überarb. aufl. edn. (2004)Google Scholar
  29. 29.
    Semba, B., Eymann, T.: Developing a Model to Analyze the Influence of Personal Values on IT Security Behavior. In: Tagungsband Multikonferenz Wirtschaftsinformatik 2016, pp. 1083–1091. TU Ilmenau, Ilmenau (2016)Google Scholar
  30. 30.
    Simpson, E.J.: The classification of educational objectives in the psychomotor domain. Technical report, University of Illinois, Urbana (1966)Google Scholar
  31. 31.
    Triandis, H.C.: Interpersonal Behavior. Brooks/Cole, Monterey Calif (1977)Google Scholar
  32. 32.
    Tulsiani, R.: Applying bloom’s taxonomy in eLearning, July 2017.
  33. 33.
    Verplanken, B., Aarts, H.: Habit, attitude, and planned behaviour: is habit an empty construct or an interesting case of goal-directed automaticity? Eur. Rev. Soc. Psychol. 10(1), 101–134 (1999). Scholar
  34. 34.
    Wolf, M.: Von Security Awareness zum Secure Behaviour. Hakin9 Extra 5, 18–19 (2012)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Andreas E. Schütz
    • 1
    Email author
  • Tobias Fertig
    • 1
  • Kristin Weber
    • 1
  • Nicholas H. Müller
    • 1
  1. 1.University of Applied Sciences Würzburg-SchweinfurtWürzburgGermany

Personalised recommendations