Abstract
The question whether culture of a society needs to be considered when designing cybersecurity training and awareness programs has recently risen in literature. While some programs may be effective in the west, they may not apply in the Middle East or Africa. Since cybersecurity has overtaken terrorism as the leading security concern globally, criticality of user training and awareness programmes cannot be overemphasized. This paper demonstrates that a cybersecurity training or awareness program that considers cultures of the people is more effective than generic one. Staff in a midsized organization were randomly divided into two groups. Group one consisting of Indians was treated to a culturally sensitive training programme in Hindi while group two consisting of Ugandans, Nepalese, Pakistanis and the Philippines undertook a generic one in English. A survey was conducted subsequent to the treatments. Results revealed that group one demonstrated better understanding of cybersecurity issues after one month.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Aloul, F.A.: The need for effective information security awareness. J. Adv. Inf. Technol. 3(3), 176–183 (2012). Academy Publisher, https://doi.org/10.4304/jait.3.3.176-183
Bulgurcu, B., Cavusoglu, H., Benbasat, I.: Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness. In: Management Information Systems Research Centre, University of Minnesota, USA, vol. 34, no. 3 (2010)
Siponen, M.T.: A conceptual foundation for organizational information security awareness. Inf. Manag. Comput. Secur. 8(1), 31–41 (2000)
Horcher, A.-M., Tejay, G.P.: Building a better password: the role of cognitive load in information security training. In: IEEE, Richardson, TX, USA (2009)
Wunderle, W.D.: Through the Lens of Cultural Awareness: A Primer for US Armed Forces Deploying to Arab and Middle Eastern Countries, Combat Studies Institute Press Fort Leavenworth, KS 66027 (2006)
Lim, J.S., Ahmad, A., Chang, S., Maynard, S.B.: Embedding information security culture emerging concerns and challenges. In: PACIS 2010 Proceedings, Brisbane, Australia, pp. 463–474 (2010)
McCrohan, K., et al.: Influence of awareness and training on cyber-security. J. Internet Commer. 9, 23–41 (2010). Method Approaches, pp. 3–23. Sage/Media, Inc., London/Hingham
Garret, C.: Developing a Security-Awareness Culture - Improving Security Decision Making. SANs Institute (2005)
Hight, S.D.: The importance of a security, education, training and awareness program (2005). http://www.infosecwriters.com/Papers/SHight_SETA.pdf. Accessed 25 Oct 2017
Seibert, P.S., Stridh-lgo, P., Zimmerman, C.G.: A checklist to facilitate cultural awareness and sensitivity. J. Med. Ethics 28, 143–146 (2002)
Whitmer, M.G.: IT security awareness and training, changing the culture of state government (2007). https://www.nascio.org/Portals/0/Publications/Documents/NASCIO-ITSecurityAwarenessAndTraining.pdf. Accessed 15 Oct 2017
Ashraf, S.: Organization Need and Everyone’s Responsibility Information Security Awareness. SANS Institute (2005)
Kritzinger, E., Von Solms, S.H.: Cyber-security for home users: a new way of protection through awareness enforcement. Comput. Secur. 29(8), 840–847 (2010)
Parsons, K., McCormac, A., Butavicius, M., Ferguson, L.: Human factors and information security: individual, culture and security environment. Australian Government, Department of Defence (2010)
Al Shehri, Y.: Information security awareness and culture. Br. J. Arts Soc. Sci. (2012). ISSN: 2046-9578. British Journal Publishing
Kruger, H.A., Flowerday, S., Drevin, L., Steyn, T.: An assessment of the role of cultural factors in Information Security awareness. ISSA, IEEE Xplore Digital Library (2011). www.researchgate.net
Dhillon, G.: Principles of Information Systems Security, Text and Cases. Wiley, New Jersey (2007)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Al Neaimi, A., Lutaaya, P. (2018). The Role of Culture in the Design of Effective Cybersecurity Training and Awareness Programmes. A Case Study of the United Arab Emirates (UAE). In: Odumuyiwa, V., Adegboyega, O., Uwadia, C. (eds) e-Infrastructure and e-Services for Developing Countries. AFRICOMM 2017. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 250. Springer, Cham. https://doi.org/10.1007/978-3-319-98827-6_11
Download citation
DOI: https://doi.org/10.1007/978-3-319-98827-6_11
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-98826-9
Online ISBN: 978-3-319-98827-6
eBook Packages: Computer ScienceComputer Science (R0)