Benjamin Maximilian Berens (SECUSO, Karlsruhe Institute of Technology), Katerina Dimitrova, Mattia Mossano (SECUSO, Karlsruhe Institute of Technology), Melanie Volkamer (SECUSO, Karlsruhe Institute of Technology)

The use of security awareness and education programmes is very common in organisations. But how effective are they over time? Some initial research on this question is, among others, the extensive study of Reinheimer et al. [74] that measured effectiveness at several time intervals. Their research found still significantly better results than before the awareness program after four months, but no longer after six months. This left open a two months interval for the reminder. The contribution of our paper is to study whether the reminder should be closer to four or six months. Thus, we measured effectiveness after five months. With still significant better results than before the programme after five months, we conclude that it is recommended to remind users more towards six months rather than already after five. However, we kindly invite the community to conduct more long-term studies, in different contexts, to confirm these findings.

View More Papers

Demo #3: I Am Not Afraid of the GPS...

Ali A. Abdallah (UC Irvine), Zaher M. Kassas (UC Irvine) and Chiawei Lee (US Air Force Test Pilot School)

Read More

Towards Integrating Human-Centered Cybersecurity Research Into Practice: A Practitioner...

Julie Haney, Clyburn Cunningham, Susanne Furman (National Institute of Standards and Technology)

Read More

Vision: Towards True User-Centric Design for Digital Identity Wallets

Yorick Last (Paderborn University), Patricia Arias Cabarcos (Paderborn University)

Read More

MacOS versus Microsoft Windows: A Study on the Cybersecurity...

Cem Topcuoglu (Northeastern University), Andrea Martinez (Florida International University), Abbas Acar (Florida International University), Selcuk Uluagac (Florida International University), Engin Kirda (Northeastern University)

Read More