The Effect of Learners’ Intrinsic and Extrinsic Motivation on Information Security Awareness Education and Training Learning Effectiveness Through online Learning Environment

National Cheng Kung University

Institute of International Management

[pic 2]

The Effect of Learners’ Intrinsic and Extrinsic Motivation on Information Security Awareness Education and Training Learning Effectiveness through Online Learning Environment

Andree Emmanuel Widjaja (RA6987029)

Advisor:  Dr. Victor Chen

December, 2009

Abstract

Keywords:  E-learning, Intrinsic and Extrinsic Motivation, Information Security Awareness, Learning Effectiveness

The purpose of this study is to explore the effect of learner’s Intrinsic and Extrinsic motivation on Information security awareness education and training effectiveness through online learning environment. Flow theory is being used to measure learner intrinsic motivation, while ARCS (Attention, Relevance, Confidence, and Satisfaction) is being used to measure extrinsic motivation. This study is field experiment comparative study between two countries, Taiwan and Indonesia. This study has the contribution to explore factor that affect learning, especially learner’s motivation effect on the use of online learning effectiveness in order to propose the most effective information security awareness training and education.

Table of Contents

Abstract        

Table of Contents        

CHAPTER ONE INTRODUCTION        

1.1 Research Background        

1.2 Research Motivation        

1.3 Research Objectives        

1.4 Research Project        

1.5 Research Structure        

CHAPTER TWO LITERATURE REVIEW        

2.1 Information Security Awareness        

2.1.1 Information Security        

2.1.2 The need of Information Security Awareness        

2.2 Information Security Awareness Education or Training        

2.3 Online Learning        

2.3.1 Online learning versus traditional learning        

2.4 Learning Motivation        

2.4.1 Flow Theory        

2.4.2 ARCS Model        

2.5 Learning Effectiveness        

2.5.1 Behaviorism        

2.5.2 Cognitivism        

2.5.3 Constructivism        

2.6 Integrated and Non Integrated Curriculum        

2.6.1 Non Integrated Information Security Curriculum        

2.6.2 Integrated Information Security Curriculum        

CHAPTER THREE RESEARCH DESIGN AND METHODOLOGY        

References        

CHAPTER ONE
INTRODUCTION

1.1 Research Background

The use of information technology has dramatically changed over the years, principally with the rapid development of Networking Technology so called Internet which has been able to greatly engrave our behavior. Bringing up to the upper level, Internet has so much a huge impact and therefore have shaped nowadays organizational behavior (Herold, 2005). In general, people could easily connect to the Internet, allowing them to share, provide, and use any kind of information they desired. Some of this information is allowed to be accessed by others freely. Yet, some other information such as personal or confidential corporate information is not allowed to be accessed. This kind of information should remain confidential to some extent. Industry statistic suggest that 50 - 75 % of security incidents originate from within organizations (D'Arcy, Hovav, & Galletta, 2009). Hence, to protect the misused of information, security has played a considerable position within the heart of any organizations.

Information security has become more very significant to protect important or classified information as many corporations have relied heavily on the use of information technology to run their business. People are now largely depending on Internet such as web sites or e-mails in making the business works (Herold, 2005). It is now a hot topic and major concern rather than an afterthought (Herold, 2005; Kruger & Kearney, 2006). Even, information security is no longer considered as a mere science and arts, but also as social science since it begins and ends with the people inside the organization and the people that interact with the system (Whitman & Mattord, 2009).

Information security becomes more to do with management as well as people issue rather than technology issue or mere technical issues (Whitman & Mattord, 2009). Quality of information security management would affect user’s awareness, motivation and behavior towards information security (Albrechtsen, 2007). You may have the well written information security policies in the and procedures in the world, yet if your people don’t know them, understand, and implement them within their job responsibilities or activities, then you will not have effective security (Herold, 2005). The people factor in security is more important than technology (Desman, 2003). In this case end users information security behavior would become important part in enterprise wide-information security (Herath & Rao, 2009). Indeed, people as the end users may be the weakest link in information security chain; hence information security awareness program is essential to greatly reduce the risks caused by end users (Whitman & Mattord, 2009).

A recent study from Tsohou et.al written about reviewing existing 48 literatures publications or studies concerning information security awareness perspective, problems, and concerns (Tsohou, Kokolakis, Karyda, & Kiountouzis, 2008).  This review is fundamental as a basic foundation to investigate the broader pictures of Information security awareness from different user perspectives such as practitioners, managers, as well as academics. In essence, information security awareness deals with the use of security awareness programs for creating and maintaining security positive behavior as a critical element in effective information (Kruger & Kearney, 2006). A lack of information security awareness can make organization vulnerable to internal and external threats (Chen, Shaw, & Yang, 2006).