Please use this identifier to cite or link to this item:

About the Measuring of Information Security Awareness: A Systematic Literature Review

File Size Format  
0644.pdf 206.2 kB Adobe PDF View/Open

Item Summary

Title:About the Measuring of Information Security Awareness: A Systematic Literature Review
Authors:Fertig, Tobias
Schütz, Andreas
Keywords:Security and Privacy Aspects of Human-Computer-Interactions
information security awareness
Date Issued:07 Jan 2020
Abstract:To make employees aware of their important role for information security, companies typically carry out security awareness campaigns. The success and effectiveness of those campaigns has to be measured to justify the budget for example. Therefore, we did a systematic literature review in order to learn how information security awareness (ISA) is measured in theory and practice. We covered published literature as well as unpublished information. The unpublished information was retrieved by interviewing experts of small and medium-sized enterprises. The results showed that ISA is mostly measured via questionnaires. Round about 40 % of the questionnaires are based on the Knowledge-Attitude-Behavior-Model which is itself scientifically weak. According to studies measuring knowledge is not sufficient and,behavior has to be measured. Our results show that the answers of participants in questionnaires often differ from the truth due to wrong perception or social desirability bias. Therefore, behavior should be measured through behavior tests.
Pages/Duration:10 pages
Rights:Attribution-NonCommercial-NoDerivatives 4.0 International
Appears in Collections: Security and Privacy Aspects of Human-Computer-Interactions

Please email if you need this content in ADA-compliant format.

This item is licensed under a Creative Commons License Creative Commons