Publication Date
10-20-2025
Abstract
Abstract— Information security breaches remain a serious threat across all sectors, often exploiting human factors rather than technical flaws. This study examines how a structured Information Security Awareness (ISA) training program influences employees’ knowledge of security policies, attitudes towards those policies, and self-reported security behaviors within a K-12 educational environment. A quantitative pre-test/post-test design was employed with 201 staff members (administrators, teachers, and support personnel) in a public school district. Participants completed the Human Aspects of Information Security Questionnaire (HAIS-Q) before and after undergoing an interactive cybersecurity training program. Statistical analysis revealed a significant improvement in information security knowledge, attitudes, and behavior following the training (p < 0.001 for all domains). Additionally, strong positive correlations were observed among knowledge, attitude, and behavior both before and after training. These results indicate that well-designed ISA training can effectively enhance the human aspects of cybersecurity, reinforcing employees’ understanding of policies and encouraging safer security practices. While conducted in a single K-12 district, the findings suggest the potential applicability of the KAB model and interactive training approaches to other educational contexts and organizational sectors, though results may vary depending on organizational culture and demographic factors. The study also highlights that the improvements were measured in the short term; future research should evaluate long-term retention and behavioral maintenance. Implications for broader organizational practices and recommendations for addressing demographic and contextual differences in future studies are discussed.
Included in
Information Security Commons, Management Information Systems Commons, Technology and Innovation Commons