Page 1: Participant Information

Title of the study: Measuring attitudes towards information security awareness training at the University of Stirling

Name of department: Computer and Information Sciences, University of Strathclyde

Introduction

You are invited to participate in a web-based online survey about the information security course in WorkRite. 

It takes approximately 10-15 minutes to complete the study. Once you consent to the study, you will be asked to complete a questionnaire about the information security awareness training you have undertaken at the University.

Your responses will remain anonymous.

Eligibility 

You must be over the age of 18 and a staff member at the University of Stirling to participate. You must also have started or completed the Information Security course in WorkRite to complete this survey.

Background and purpose of the research

According to the National Cyber Security Centre1, phishing and social engineering remain among the highest threats to the UK education sector. One of the ways in which organisations try to mitigate this threat is by providing information security training for their staff. This study aims to measure staff attitudes towards information security awareness training at the University of Stirling. The results of the study will aid decision-making in regard to investment in information security training and may be helpful to other institutions in the higher education sector.

This survey is part of a research project being conducted by Victoria Szymanska, Cyber Security Specialist at the University of Stirling. It will form a part of an MSc in Cyber Security at the University of Strathclyde and is supervised by Dr. Sotirios Terzis (sotirios.terzis@strath.ac.uk).

Do you have to take part?

No. Participation in this study is voluntary and you have a right to withdraw from the research at any time without giving any reason, and without any penalty. You are free to decline to answer any particular question for any reason.

What will you do in the project?

You will be asked to complete a questionnaire about the information security training course in WorkRite. 

You will first be asked to provide some basic demographic information about yourself and the training you have received to date. You will then be asked some questions about your satisfaction with the training, your knowledge, attitude and perceived skills. 

It takes approximately 10-15 minutes to complete the questionnaire online. 

What information is being collected in the project?

The only data that will be collected are the anonymous responses to this questionnaire. You will not be asked to provide any personally identifiable information. Your IP address will not be recorded.

Who will have access to the information?

Direct access to survey responses stored in Jisc Online Surveys is restricted to the researcher using a password protected account.

Raw survey responses will be extracted in CSV format and backed up to a secure online repository in SharePoint. Access to this data will be restricted to the researcher and project supervisor.

Where will the information be stored and how long will it be kept for?

Your anonymous responses will be collected using Jisc Online Surveys and will be stored there for the duration of the research project.

Raw data extracted from the survey platform will be downloaded to the researcher's work computer for processing and data analysis. It will also be backed up to a secure folder in SharePoint. This will be retained for the duration of the project.

Upon completion of the project, the data will be published in Strathclyde's data repository, Pure, where it will be publicly accessible and retained for at least 10 years after publication. 

How will this information be processed?

The anonymous survey responses will be studied using statistical analysis software, to look for any trends or differences between participants from different demographics or levels of engagement with information security training. 

Where answers have been entered using a text box, the answers will be analysed using qualitative data analysis methods to gain insight into common themes or insights that arise. Qualitative data analysis software will be used for this. 

There will be no attempt to identify any individuals through this analysis. 

What happens next?

If you would like to find out more information about this project or ask any questions, please contact victoria.szymanska.2019@uni.strath.ac.uk

If you would like to participate in this study, please click on 'Next' at the bottom of this page. You will be asked to provide consent for participating in this study before completing the questionnaire.

If you are not interested in participating in this study, I would like to thank you for taking your time to read this. You can just close this browser window.

Who reviewed and approved this research?

This research was granted ethical approval by the Department of Computer and Information Sciences at the University of Strathclyde.

If you have any questions/concerns, during or after the research, or wish to contact an independent person to whom any questions may be directed or further information may be sought from, please contact:

Secretary to the Departmental Ethics Committee
Department of Computer and Information Sciences,
Livingstone Tower
Richmond Street
Glasgow
G1 1XH

email: ethics@cis.strath.ac.uk

Researcher contact details:

Victoria Szymanska
MSc Cyber Security student
Computer and Information Sciences
University of Strathclyde
email: victoria.szymanska.2019@uni.strath.ac.uk

Cyber Security Specialist
University of Stirling
email: victoria.szymanska1@stir.ac.uk 
MS Teams: chat link

Supervisor contact details:

Sotirios Terzis
Lecturer
Computer and Information Sciences
University of Strathclyde
email: sotirios.terzis@strath.ac.uk

References

1. https://www.ncsc.gov.uk/report/the-cyber-threat-to-universities