An Alternative to the One-Size-Fits-All Approach to ISA Training: A Design Science Approach to ISA Regarding the Adaption to Student Vulnerability Based on Knowledge and Behavior

Volstorff A

Any connection to the university’s network is a conduit that has the potential of being exploited by an attacker, resulting in the possibility of substantial harm to the infrastructure, to the university, and to the student body of whom the university serves. While organizations rightfully “baton down the hatches” by building firewalls, creating proxies, and applying important updates, the most significant vulnerability, that of the student, continues to be an issue due to lack of knowledge, insufficient motivation, and inadequate or misguided training. Utilizing the Design Science Research (DSR) methodology, this research effort seeks to address the latter concern of training by seeking to design a methodology that will sufficiently support the automatic adaptation of security training, which will be based on the assessment of student vulnerability determined by the student’s overall Information Security Awareness (ISA) knowledge and computer security behavior.