Measuring An Information Security Awareness Program
Author(s) - Michael M. Wolf, Dwight Haworth, Leah R. Pietron
Publication year - 2011
Publication title - Review of Business Information Systems (RBIS)
Language(s) - English
Resource type - Journals
eISSN - 2157-9547
pISSN - 1534-665X
DOI - 10.19030/rbis.v15i3.5398
Subject(s) - security awareness, computer science, computer security, compliance (psychology), information security, field (mathematics), security policy, information security standards, internet privacy, knowledge management, psychology, security service, social psychology, network security policy, mathematics, pure mathematics
Research shows security awareness lacks a uniform definition. This paper explores the various attempts that have been made to define security awareness and then presents a clear and concise definition of security awareness. Due to the lack of a behaviorally-oriented measurement, security awareness has relied on the use of self-reported questionnaires and surveying users through this same type of instrument. These attempts assume that knowledge of security awareness leads to correspondingly correct behavior, without attempting any field validation that this paradigm holds true. This paper goes beyond self-reporting and measures the behavior of end-users. It compares that behavior with policy to determine the actual compliance percentage and draws conclusions from these results.