An Exploratory Study of Current Information Security Training and Awareness Practices in Organizations

Date
2018-01-03
Authors
Alshaikh, Moneer
Maynard, Sean B
Ahmad, Atif
Chang, Shanton
Contributor
Advisor
Department
Instructor
Depositor
Speaker
Researcher
Consultant
Interviewer
Journal Title
Journal ISSN
Volume Title
Publisher
Volume
Number/Issue
Starting Page
Ending Page
Alternative Title
Abstract
Effective information security training and awareness (ISTA) is essential to protect organizational information resources. Our review of industry best-practice guidelines on ISTA exposed two key deficiencies. First, they are presented at a conceptual-level without any empirical evidence of their validity. Second, the guidelines are generic (one size fits all) without consideration of the diversity in organizational contexts where they will be applied. Given these deficiencies in ISTA guidance, this paper reports on the findings of an exploratory study into how ISTA is implemented in different organizational contexts in six organizations. The paper identifies three challenges: the lack of motivational aspects in current ISTA program, the competition for employees’ attention and the difficulty in measuring the effectiveness of ISTA program. Several recommendations and suggestions were outlined to overcome these challenges.
Description
Keywords
Practice-based IS Research, information security training and awareness, information security management, security training and awareness activities
Citation
Extent
10 pages
Format
Geographic Location
Time Period
Related To
Proceedings of the 51st Hawaii International Conference on System Sciences
Rights
Attribution-NonCommercial-NoDerivatives 4.0 International
Rights Holder
Email libraryada-l@lists.hawaii.edu if you need this content in ADA-compliant format.