Please use this identifier to cite or link to this item:
Lessons Learned from an Information Security Incident: A Practical Recommendation to Involve Employees in Information Security
|Title:||Lessons Learned from an Information Security Incident: A Practical Recommendation to Involve Employees in Information Security|
|Keywords:||Innovative Behavioral IS Security and Privacy Research|
behavioral information security, information security awareness, information security incident, involvement theory.
|Date Issued:||03 Jan 2018|
|Abstract:||With the increasingly negative impact of information security attacks, measures of information security, which address the weakest link in the information security chain, namely the employee, have become a necessity for today’s business world. One way to improve employees’ - yet limited - information security awareness is to learn from past information security incidents. This study theoretically builds upon the so called involvement theory to extend the existing research on information security awareness. Insights gained from 34 interviews suggest that involvement accompanied with a detailed review of past security incidents has a positive effect on staff’s information security awareness. Employees, directly affected by an information security incident, gain significant information security expertise and knowledge which they can, again, share with their colleagues. Moreover, constructive team work in the light of information security risks as well as an adequate adjustment of security-related measures is fostered.|
|Rights:||Attribution-NonCommercial-NoDerivatives 4.0 International|
|Appears in Collections:||
Innovative Behavioral IS Security and Privacy Research|
Please email firstname.lastname@example.org if you need this content in ADA-compliant format.
This item is licensed under a Creative Commons License