The purpose of an information security awareness program serves to protect business data through user education to properly handle constant information security threats and to minimize its impact to the individual and the organization. Past research has not offered comprehensive studies involving an established security awareness program that uses both end user training and marketing tools to communicate and create awareness. Instead, these studies focused on the impact of data loss and addressing the importance of establishing user awareness.
The Office of Information Security at Mayo Clinic has established an ongoing enterprise-wide security awareness program. With the help of Information Security Ambassadors to assist in the delivery of this message, the study explores the lived experiences of this peer group to determine the impact of autonomous peer influence as it relates to phishing detection than to rely on technology alone.
Significance of this research will help identify if and how much peer influence promotes learning and user adaptation to safeguard users from malicious phishing in both the business and the private environment. This phenomenological approach aims to assist in the designing of a multifaceted security awareness approach to promote behavior change among a diverse population.