Many organisations are dedicated to enhancing their security by investing heavily in Security Education, Training, and Awareness (SETA) programmes to protect their platforms and personnel better. However, measuring the effectiveness of these initiatives remains a considerable challenge. This study presents a systematic literature review conducted following the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) methodology to examine how SETA effectiveness is currently assessed and to identify significant gaps in existing approaches. The review reveals that many evaluations still depend on self-reported data, knowledge tests, or participation rates, which offer limited insight into whether secure behaviours are genuinely being adopted or sustained. Moreover, current assessment practices often neglect the impact of emerging threats, such as AI-driven phishing and deepfakes, and seldom consider the long-term behavioural effects of SETA programmes. Although innovative methods employing behavioural metrics, psychological engagement, and mixed-method approaches demonstrate strong potential, they remain underutilised. The findings underscore the necessity for more meaningful, behaviour-oriented, and context-aware evaluation frameworks that mirror real-world security challenges and foster more robust organisational security cultures.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Identifying Gaps in the Evaluation of Security Education, Training and Awareness (SETA) Programs: A Systematic Literature Review

  • Phathutshedzo Mudau,
  • Noluntu Mpekoa,
  • Noluxolo Gcaza

摘要

Many organisations are dedicated to enhancing their security by investing heavily in Security Education, Training, and Awareness (SETA) programmes to protect their platforms and personnel better. However, measuring the effectiveness of these initiatives remains a considerable challenge. This study presents a systematic literature review conducted following the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) methodology to examine how SETA effectiveness is currently assessed and to identify significant gaps in existing approaches. The review reveals that many evaluations still depend on self-reported data, knowledge tests, or participation rates, which offer limited insight into whether secure behaviours are genuinely being adopted or sustained. Moreover, current assessment practices often neglect the impact of emerging threats, such as AI-driven phishing and deepfakes, and seldom consider the long-term behavioural effects of SETA programmes. Although innovative methods employing behavioural metrics, psychological engagement, and mixed-method approaches demonstrate strong potential, they remain underutilised. The findings underscore the necessity for more meaningful, behaviour-oriented, and context-aware evaluation frameworks that mirror real-world security challenges and foster more robust organisational security cultures.