How E-Learning Can Facilitate Information Security Awareness

Users of information systems are increasingly being attacked and exploited by cyber criminals. Information Security Awareness addresses how users can be convinced to behave compliantly to a company's information security policies. This paper explores the potential of e-Learning as a tool to increase the information security awareness of users. The factors that ultimately lead to information security-compliant behavior are the factors knowledge, habit, salience, and behavioral intent. By looking at the peculiarities of e-Learning, the chances and limitations of influencing these factors are examined exploratory. The basis for this is Bloom's Taxonomy from learning theory. The paper shows that e-Learning can help influencing knowledge and habit of a person. The salience and intention of a person, however, can only be influenced in combination with other factors. Especially with affective emotions and beliefs, e-Learning can also have negative effects. The paper also gives an outlook on how further quantitative research could help to ultimately shape effective e-Learning courses.