1 - 3 of 3
ItemThe Forgotten Model – Validating the Integrated Behavioral Model in Context of Information Security Awareness( 2023-01-03)The behavior of employees has a strong influence on the information security of a company. Whether humans behave information security compliant depends on a large extent on their information security awareness (ISA). Social psychology provides an understanding about factors that influence awareness and thus gives relevant insights on how to increase an employee‘s ISA. A promising theory from health psychology is the Integrated Behavioral Model (IBM). To validate the significance of the IBM for ISA, a structured literature review about models that explain ISA has been conducted. The analysis of the found ISA models and their constructs showed that the IBM indeed includes all found factors. Based on the findings, the paper presents an extended model of the IBM within the ISA context with a higher level of detail. The model can be used to analyze individualized ISA and help companies to enhance ISA in a systematic way.
ItemDeveloping a Maturity Model for Information Security Awareness Using a Polytomous Extension of the Rasch Model( 2023-01-03)Advancing digitization in companies leads to increased importance of information and their security. Since people play a crucial role in protecting information, it is important to sensitize them to information security. Many companies find it difficult to raise the so-called information security awareness (ISA) in a planned and targeted way. With a maturity model (MM) for ISA, companies are able to carry out an assessment of the current state regarding ISA and thereby actively manage and plan their future ISA measures. The proposed MM has five maturity levels that were determined mathematically with the help of a polytomous extension of the Rasch model and a hierarchical cluster analysis. The required data for the calculations has been gathered with a survey among 105 organizations. The evaluation has shown that the MM is well-suited to identify strengths and weaknesses with regard to ISA within organizations.