Applying protection motivation theory to information security training for college students

As Internet and Web technologies have been used in different fields by various organizations, cyber security has become a significant public concern for the society as a whole. There is a broad consensus on the need for broader and better training and education of the current and future workforce to be able to effectively deal with present, emergent and future cyber security challenges. However, cyber-security education tends to be constrained to computer and information science degree programs. Further, the courses within these programs tend to be offered via conventional instructional mechanisms that entail limited Hands-on learning experiences due to the difficulty, cost, and potential risks of setting up real world like Hands-on security training environments, which are often network-based. Considering cyber security education is a necessary need across all disciplines and majors, we have been undertaking a research project at a public college to (a) construct a model to study the influence of knowledge from lectures and Hands-on experience on security behavior using protection motivation theory (b) develop a series of laboratory based Information Security education modules as easy to tailor and scalable pedagogic tools for helping undergraduate students to comprehend information security at different levels, and (c) test the impact of these modules on students’ post-training personal cyber security behavior. Our aim is to identify if indeed students do apply what they learn to confidently and intelligently address personal cyber security challenges, after they have completed these course modules. In this paper, we report (a) our theoretical model (b) the design of security pedagogy modules and, (c) the preliminary findings upon testing and surveying students’ post-training knowledge and post-training behavior concerning the security topics covered in the training modules.