Evaluating the effectiveness of learner controlled information security training

The goal of this study is to examine the effects of learner control on information security (ISec) training effectiveness. While organizations recognize the importance of education and training in security and invest in such efforts, the design of these programs often lacks theoretical grounding and the outcomes are often not critically evaluated. This paper attempts to fill these gaps by (1) identifying desirable characteristics for the design of such training programs, (2) using these characteristics as guidelines to design a web-based information security training (3) experimentally evaluating the effectiveness of the training using critical outcomes such as training satisfaction, security training performance, self-efficacy, perceived threat severity and susceptibility. We find that web based ISec training that incorporates learner control positively affects training reactions and learning outcomes. (C) 2019 Elsevier Ltd. All rights reserved.