Exploring the link between organizations behavioral information security governance and employee information security awareness
2015 (English). In: Proceedings of the 9th International Symposium on Human Aspects of Information Security & Assurance, 2015. Conference paper (Refereed)
This paper explores the relation between a set of behavioural information security governance factors and employees’ information security awareness. To enable statistical analysis between proposed relations, data was collected from two different samples in 24 organisations: 24 information security executives and 240 employees. The results reveal that having a formal unit with explicit responsibility for information security, utilizing coordinating committees, and sharing security knowledge through an intranet site significantly correlates with dimensions of employees’ information security awareness. However, regular identification of vulnerabilities in information systems and related processes is significantly negatively correlated with employees’ information security awareness, in particular managing passwords. The effect of behavioural information security governance on employee information security awareness is an understudied topic. Therefore, this study is explorative in nature and the results are preliminary. Nevertheless, the paper provides implications for both research and practice.
Research subject: Computer Science
Identifiers: URN: urn:nbn:se:kth:diva-184671; OAI: oai:DiVA.org:kth-184671; DiVA: diva2:916425
9th International Symposium on Human Aspects of Information Security & Assurance
QC 20160418; 2016-04-02; 2016-04-02; 2016-05-03; Bibliographically approved