Identifying Gaps in the Evaluation of Security Education, Training and Awareness (SETA) Programs: A Systematic Literature Review
摘要
Many organisations are dedicated to enhancing their security by investing heavily in Security Education, Training, and Awareness (SETA) programmes to protect their platforms and personnel better. However, measuring the effectiveness of these initiatives remains a considerable challenge. This study presents a systematic literature review conducted following the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) methodology to examine how SETA effectiveness is currently assessed and to identify significant gaps in existing approaches. The review reveals that many evaluations still depend on self-reported data, knowledge tests, or participation rates, which offer limited insight into whether secure behaviours are genuinely being adopted or sustained. Moreover, current assessment practices often neglect the impact of emerging threats, such as AI-driven phishing and deepfakes, and seldom consider the long-term behavioural effects of SETA programmes. Although innovative methods employing behavioural metrics, psychological engagement, and mixed-method approaches demonstrate strong potential, they remain underutilised. The findings underscore the necessity for more meaningful, behaviour-oriented, and context-aware evaluation frameworks that mirror real-world security challenges and foster more robust organisational security cultures.