{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,28]],"date-time":"2025-08-28T12:15:57Z","timestamp":1756383357093,"version":"3.41.0"},"publisher-location":"Cham","reference-count":51,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030811105"},{"type":"electronic","value":"9783030811112"}],"license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021]]},"DOI":"10.1007\/978-3-030-81111-2_9","type":"book-chapter","created":{"date-parts":[[2021,7,7]],"date-time":"2021-07-07T06:02:42Z","timestamp":1625637762000},"page":"102-112","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":5,"title":["Evaluation Strategies for Cybersecurity Training Methods: A Literature Review"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-2084-9119","authenticated-orcid":false,"given":"Joakim","family":"K\u00e4vrestad","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5962-9995","authenticated-orcid":false,"given":"Marcus","family":"Nohlberg","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2021,7,8]]},"reference":[{"key":"9_CR1","first-page":"5","volume":"1","author":"MM Al-Daeef","year":"2017","unstructured":"Al-Daeef, M.M., Basir, N., Saudi, M.M.: Security awareness training: a review. Proc. World Congress Eng. 1, 5\u20137 (2017)","journal-title":"Proc. World Congress Eng."},{"key":"9_CR2","doi-asserted-by":"crossref","unstructured":"Alshaikh, M., Maynard, S.B., Ahmad, A., Chang, S.: An exploratory study of current information security training and awareness practices in organizations. In: Proceedings of the 51st Hawaii International Conference on System Sciences (2018)","DOI":"10.24251\/HICSS.2018.635"},{"issue":"2","key":"9_CR3","first-page":"115","volume":"28","author":"R Ayyagari","year":"2017","unstructured":"Ayyagari, R., Figueroa, N.: Is seeing believing? training users on information security: evidence from java applets. J. Inf. Syst. Educ. 28(2), 115\u2013120 (2017)","journal-title":"J. Inf. Syst. Educ."},{"issue":"4","key":"9_CR4","doi-asserted-by":"publisher","first-page":"837","DOI":"10.25300\/MISQ\/2015\/39.4.5","volume":"39","author":"S Boss","year":"2015","unstructured":"Boss, S., Galletta, D., Lowry, P.B., Moody, G.D., Polak, P.: What do systems users have to fear? using fear appeals to engender threats and fear that motivate protective security behaviors. MIS Q. (MISQ) 39(4), 837\u2013864 (2015)","journal-title":"MIS Q. (MISQ)"},{"issue":"2","key":"9_CR5","doi-asserted-by":"publisher","first-page":"77","DOI":"10.1191\/1478088706qp063oa","volume":"3","author":"V Braun","year":"2006","unstructured":"Braun, V., Clarke, V.: Using thematic analysis in psychology. Qualitative Res. Psychol. 3(2), 77\u2013101 (2006)","journal-title":"Qualitative Res. Psychol."},{"issue":"3","key":"9_CR6","doi-asserted-by":"publisher","first-page":"523","DOI":"10.2307\/25750690","volume":"34","author":"B Bulgurcu","year":"2010","unstructured":"Bulgurcu, B., Cavusoglu, H., Benbasat, I.: Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness. MIS Quarterly 34(3), 523\u2013548 (2010)","journal-title":"MIS Quarterly"},{"key":"9_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"17","DOI":"10.1007\/978-3-319-91716-0_2","volume-title":"HCI in Business, Government, and Organizations","author":"J Burris","year":"2018","unstructured":"Burris, J., Deneke, W., Maulding, B.: Activity simulation for experiential learning in cybersecurity workforce development. In: Nah, F.F.-H., Xiao, B.S. (eds.) HCIBGO 2018. LNCS, vol. 10923, pp. 17\u201325. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-91716-0_2"},{"issue":"4","key":"9_CR8","doi-asserted-by":"publisher","first-page":"297","DOI":"10.1037\/h0040950","volume":"54","author":"DT Campbell","year":"1957","unstructured":"Campbell, D.T.: Factors relevant to the validity of experiments in social settings. Psychol. Bull. 54(4), 297 (1957)","journal-title":"Psychol. Bull."},{"key":"9_CR9","doi-asserted-by":"crossref","unstructured":"Choi, K.H., Lee, D.H.: A study on strengthening security awareness programs based on an rfid access control system for inside information leakage prevention. Multimed. Tools Appl. 74(20), 8927\u20138937","DOI":"10.1007\/s11042-013-1727-y"},{"key":"9_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"115","DOI":"10.1007\/978-3-030-22351-9_8","volume-title":"HCI for Cybersecurity, Privacy and Trust","author":"JR Cole","year":"2019","unstructured":"Cole, J.R., Pence, T., Cummings, J., Baker, E.: Gamifying security awareness: a new prototype. In: Moallem, A. (ed.) HCII 2019. LNCS, vol. 11594, pp. 115\u2013133. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-22351-9_8"},{"key":"9_CR11","doi-asserted-by":"crossref","unstructured":"Cuchta, T., et al.: Human risk factors in cybersecurity, pp. 87\u201392","DOI":"10.1145\/3349266.3351407"},{"key":"9_CR12","unstructured":"Cybint: (2020) https:\/\/www.cybintsolutions.com\/cyber-security-facts-stats\/"},{"issue":"6","key":"9_CR13","first-page":"39","volume":"11","author":"MB Desman","year":"2003","unstructured":"Desman, M.B.: The ten commandments of information security awareness training. Inf. Secur. J. A Glob. Perspect. 11(6), 39\u201344 (2003)","journal-title":"Inf. Secur. J. A Glob. Perspect."},{"key":"9_CR14","unstructured":"Dincelli, E., Chengalur-Smith, I.: Choose your own training adventure: designing a gamified seta artefact for improving information security and privacy through interactive storytelling. European Journal of Information Systems"},{"key":"9_CR15","unstructured":"EC-Council: (2019). https:\/\/blog.eccouncil.org\/the-top-types-of-cybersecurity-attacks-of-2019-till-date\/"},{"issue":"3","key":"9_CR16","doi-asserted-by":"publisher","first-page":"195","DOI":"10.1007\/s11292-008-9059-z","volume":"4","author":"JE Eck","year":"2008","unstructured":"Eck, J.E., Liu, L.: Contrasting simulated and empirical experiments in crime prevention. J. Exp. Criminol. 4(3), 195\u2013213 (2008)","journal-title":"J. Exp. Criminol."},{"key":"9_CR17","doi-asserted-by":"crossref","unstructured":"Gjertsen, E.G.B., Gjaere, E.A., Bartnes, M., Flores, W.R.: Gamification of Information Security Awareness and Training. Icissp (2017)","DOI":"10.5220\/0006128500590070"},{"key":"9_CR18","unstructured":"Gokul, C.J., Pandit, S., Vaddepalli, S., Tupsamudre, H., Banahatti, V., Lodha, S., Acm: PHISHY - a serious game to train enterprise users on phishing awareness. In: Proceedings of the 2018 Annual Symposium on Computer-Human Interaction in Play Companion Extended Abstracts (2018)"},{"key":"9_CR19","unstructured":"Gundu, T.: Acknowledging and Reducing the Knowing and Doing gap in Employee Cybersecurity Compliance, pp. 94\u2013102. International Conference on Cyber Warfare and Security (2019)"},{"key":"9_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"183","DOI":"10.1007\/978-3-319-66715-7_19","volume-title":"Entertainment Computing \u2013 ICEC 2017","author":"D Huynh","year":"2017","unstructured":"Huynh, D., Luong, P., Iida, H., Beuran, R.: Design and evaluation of a cybersecurity awareness training game. In: Munekata, N., Kunita, I., Hoshino, J. (eds.) ICEC 2017. LNCS, vol. 10507, pp. 183\u2013188. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-66715-7_19"},{"key":"9_CR21","unstructured":"Jayakrishnan, G.C., Sirigireddy, G.R., Vaddepalli, S., Banahatti, V., Lodha, S.P., Pandit, S.S.: Passworld: a serious game to promote password awareness and diversity in an enterprise. In: (SOUPS 2020), pp. 1\u201318 (2020)"},{"key":"9_CR22","unstructured":"Jesson, J., Matheson, L., Lacey, F.M.: Doing your literature review: Traditional and systematic techniques. Sage (2011)"},{"issue":"4","key":"9_CR23","doi-asserted-by":"crossref","first-page":"351","DOI":"10.69554\/KMOS3545","volume":"1","author":"A Joinson","year":"2018","unstructured":"Joinson, A., van Steen, T.: Human aspects of cyber security: behaviour or culture change? Cyber Secur. Peer-Reviewed J. 1(4), 351\u2013360 (2018)","journal-title":"Cyber Secur. Peer-Reviewed J."},{"key":"9_CR24","unstructured":"Kunz, A., Volkamer, M., Stockhardt, S., Palberg, S., Lottermann, T., Piegert, E.: Nophish: evaluation of a web application that teaches people being aware of phishing attacks, vol. P-259, pp. 509\u2013518 (2016)"},{"key":"9_CR25","unstructured":"Lastdrager, E., Gallardo, I.C., Hartel, P., Junger, M.: How effective is anti-phishing training for children? pp. 229\u2013239 (2017)"},{"key":"9_CR26","doi-asserted-by":"crossref","unstructured":"Lim, I.K., Park, Y.G., Lee, J.K.: Design of security training system for individual users. Wirel. Personal Commun. 90(3), 1105\u20131120 (2016)","DOI":"10.1007\/s11277-016-3380-z"},{"key":"9_CR27","doi-asserted-by":"crossref","unstructured":"Meline, T.: Selecting studies for systematic review: inclusion and exclusion criteria. Contemporary Issues in Communication Science and Disorders 33(21\u201327) (2006)","DOI":"10.1044\/cicsd_33_S_21"},{"key":"9_CR28","unstructured":"Micallef, N., Arachchilage, N.A.G.: Involving users in the design of a serious game for security questions education. arXiv preprint arXiv:1710.03888 (2017)"},{"key":"9_CR29","doi-asserted-by":"crossref","unstructured":"Moreno-Fern\u00e1ndez, M.M., Blanco, F., Garaizar, P., Matute, H.: Fishing for phishers. improving internet users\u2019 sensitivity to visual deception cues to prevent electronic fraud. Comput. Hum. Behav. 69, 421\u2013436 (2017)","DOI":"10.1016\/j.chb.2016.12.044"},{"key":"9_CR30","unstructured":"Par\u00e9, G., Kitsiou, S.: Methods for literature reviews. In: Handbook of eHealth Evaluation: An Evidence-based Approach [Internet]. University of Victoria (2017)"},{"key":"9_CR31","unstructured":"Parsons, K., Butavicius, M.A., Lillie, M., Calic, D., McCormac, A., Pattinson, M.R.: Which individual, cultural, organisational and interventional factors explain phishing resilience? In: HAISA, pp. 1\u201311 (2018)"},{"key":"9_CR32","doi-asserted-by":"crossref","unstructured":"Puhakainen, P., Siponen, M.: Improving employees\u2019 compliance through information systems security training: an action research study. MIS quarterly, pp. 757\u2013778 (2010)","DOI":"10.2307\/25750704"},{"key":"9_CR33","doi-asserted-by":"crossref","unstructured":"Rastenis, J., Ramanauskait\u0117, S., Janulevi\u010dius, J., \u010cenys, A.: Impact of information security training on recognition of phishing attacks: A case study of vilnius gediminas technical university. vol. 1243. CCIS, pp. 311\u2013324","DOI":"10.1007\/978-3-030-57672-1_23"},{"key":"9_CR34","unstructured":"Reinheimer, B., et al.: An investigation of phishing awareness and education over time: when and how to best remind users. In: (SOUPS 2020), pp. 259\u2013284 (2020)"},{"key":"9_CR35","doi-asserted-by":"publisher","first-page":"22","DOI":"10.1016\/j.ijhcs.2018.05.011","volume":"120","author":"K Renaud","year":"2018","unstructured":"Renaud, K., Zimmermann, V.: Ethical guidelines for nudging in information security & privacy. Int. J. Hum. Comput. Stud. 120, 22\u201335 (2018)","journal-title":"Int. J. Hum. Comput. Stud."},{"key":"9_CR36","doi-asserted-by":"publisher","first-page":"442","DOI":"10.1016\/j.chb.2015.12.037","volume":"57","author":"NS Safa","year":"2016","unstructured":"Safa, N.S., Von Solms, R.: An information security knowledge sharing model in organizations. Comput. Hum. Behav. 57, 442\u2013451 (2016)","journal-title":"Comput. Hum. Behav."},{"key":"9_CR37","doi-asserted-by":"crossref","unstructured":"Silic, M., Lowry, P.B.: Using design-science based gamification to improve organizational security training and compliance. J. Manage. Inf. Syst. 37(1), 129\u2013161 (2020)","DOI":"10.1080\/07421222.2019.1705512"},{"key":"9_CR38","doi-asserted-by":"crossref","unstructured":"Siponen, M.T.: A conceptual foundation for organizational information security awareness. Information Management & Computer Security (2000)","DOI":"10.1108\/09685220010371394"},{"key":"9_CR39","unstructured":"Soare, B.: (2020). https:\/\/heimdalsecurity.com\/blog\/vectors-of-attack\/"},{"key":"9_CR40","series-title":"IFIP Advances in Information and Communication Technology","doi-asserted-by":"publisher","first-page":"135","DOI":"10.1007\/978-3-319-33630-5_10","volume-title":"ICT Systems Security and Privacy Protection","author":"Simon Stockhardt","year":"2016","unstructured":"Stockhardt, Simon, et al.: Teaching phishing-security: which way is best? In: Hoepman, Jaap-Henk., Katzenbeisser, Stefan (eds.) SEC 2016. IAICT, vol. 471, pp. 135\u2013149. Springer, Cham (2016). https:\/\/doi.org\/10.1007\/978-3-319-33630-5_10"},{"key":"9_CR41","doi-asserted-by":"crossref","unstructured":"Takata, T., Ogura, K., IEEE: Confront Phishing Attacks - from a Perspective of Security Education, pp. 10\u201313. International Conference on Awareness Science and Technology (2019)","DOI":"10.1109\/ICAwST.2019.8923444"},{"key":"9_CR42","doi-asserted-by":"crossref","unstructured":"Taneski, V., Heri\u010dko, M., Brumen, B.: Impact of security education on password change, pp. 1350\u20131355 (2015)","DOI":"10.1109\/MIPRO.2015.7160484"},{"issue":"5","key":"9_CR43","doi-asserted-by":"publisher","first-page":"32","DOI":"10.1109\/2.675631","volume":"31","author":"WF Tichy","year":"1998","unstructured":"Tichy, W.F.: Should computer scientists experiment more? Computer 31(5), 32\u201340 (1998)","journal-title":"Computer"},{"key":"9_CR44","doi-asserted-by":"crossref","unstructured":"Tschakert, K.F., Ngamsuriyaroj, S.: Effectiveness of and user preferences for security awareness training methodologies. Heliyon 5(6), e02010 (2019)","DOI":"10.1016\/j.heliyon.2019.e02010"},{"key":"9_CR45","unstructured":"Van Rensburg, W.J., Thomson, K.L., Futcher, L.: An educational intervention towards safe smartphone usage. In: HAISA 2018 (2018)"},{"issue":"3","key":"9_CR46","doi-asserted-by":"publisher","first-page":"191","DOI":"10.1016\/j.cose.2004.01.012","volume":"23","author":"C Vroom","year":"2004","unstructured":"Vroom, C., Von Solms, R.: Towards information security behavioural compliance. Comput. Secur. 23(3), 191\u2013198 (2004)","journal-title":"Comput. Secur."},{"key":"9_CR47","doi-asserted-by":"crossref","unstructured":"Wen, Z.A., Lin, Z.Q., Chen, R., Andersen, E.: What. Hack: engaging anti-phishing training through a role-playing phishing simulation game. In: Chi 2019 (2019)","DOI":"10.1145\/3290605.3300338"},{"key":"9_CR48","doi-asserted-by":"crossref","unstructured":"Wohlin, C., Runeson, P., H\u00f6st, M., Ohlsson, M.C., Regnell, B., Wessl\u00e9n, A.: Experimentation in software engineering. Springer Science & Business Media (2012)","DOI":"10.1007\/978-3-642-29044-2"},{"key":"9_CR49","doi-asserted-by":"crossref","unstructured":"Xiong, A.P., Proctor, R.W., Yang, W.N., Li, N.H.: Embedding training within warnings improves skills of identifying phishing webpages. Human Factors 61(4), 577\u2013595 (2019)","DOI":"10.1177\/0018720818810942"},{"key":"9_CR50","doi-asserted-by":"crossref","unstructured":"Yang, W., Xiong, A., Chen, J., Proctor, R.W., Li, N.: Use of phishing training to improve security warning compliance: Evidence from a field experiment. vol. Part F127186, pp. 52\u201361 (2017)","DOI":"10.1145\/3055305.3055310"},{"key":"9_CR51","doi-asserted-by":"crossref","unstructured":"Zhou, L.M., Parmanto, B., Alfikri, Z., Bao, J.: A mobile app for assisting users to make informed selections in security settings for protecting personal health data: Development and feasibility study. Jmir Mhealth and Uhealth 6(12), e11210 (2018)","DOI":"10.2196\/11210"}],"container-title":["IFIP Advances in Information and Communication Technology","Human Aspects of Information Security and Assurance"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-81111-2_9","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,6]],"date-time":"2025-07-06T22:02:57Z","timestamp":1751839377000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-81111-2_9"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"ISBN":["9783030811105","9783030811112"],"references-count":51,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-81111-2_9","relation":{},"ISSN":["1868-4238","1868-422X"],"issn-type":[{"type":"print","value":"1868-4238"},{"type":"electronic","value":"1868-422X"}],"subject":[],"published":{"date-parts":[[2021]]},"assertion":[{"value":"8 July 2021","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"HAISA","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Symposium on Human Aspects of Information Security and Assurance","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2021","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"7 July 2021","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"9 July 2021","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"15","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"haisa2021","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.haisa.org\/?page=home","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"30","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"18","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"60% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"2.43","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"2","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"No","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}