About the Measuring of Information Security Awareness: A Systematic Literature Review
Files
Date
2020-01-07
Authors
Contributor
Advisor
Department
Instructor
Depositor
Speaker
Researcher
Consultant
Interviewer
Narrator
Transcriber
Annotator
Journal Title
Journal ISSN
Volume Title
Publisher
Volume
Number/Issue
Starting Page
Ending Page
Alternative Title
Abstract
To make employees aware of their important role for information security, companies typically carry out security awareness campaigns. The success and effectiveness of those campaigns has to be measured to justify the budget for example. Therefore, we did a systematic literature review in order to learn how information security awareness (ISA) is measured in theory and practice. We covered published literature as well as unpublished information. The unpublished information was retrieved by interviewing experts of small and medium-sized enterprises. The results showed that ISA is mostly measured via questionnaires. Round about 40 % of the questionnaires are based on the Knowledge-Attitude-Behavior-Model which is itself scientifically weak. According to studies measuring knowledge is not sufficient and,behavior has to be measured. Our results show that the answers of participants in questionnaires often differ from the truth due to wrong perception or social desirability bias. Therefore, behavior should be measured through behavior tests.
Description
Keywords
Security and Privacy Aspects of Human-Computer-Interactions, assessment, information security awareness, measuring, metrics
Citation
Extent
10 pages
Format
Geographic Location
Time Period
Related To
Proceedings of the 53rd Hawaii International Conference on System Sciences
Related To (URI)
Table of Contents
Rights
Attribution-NonCommercial-NoDerivatives 4.0 International
Rights Holder
Local Contexts
Email libraryada-l@lists.hawaii.edu if you need this content in ADA-compliant format.