
Measuring An Information Security Awareness Program
Author(s) - Michael Wolf
Publication year - 2011
Publication title - The Review of Business Information Systems
Language(s) - English
Resource type - Journals
eISSN - 2157-9547
pISSN - 1534-665X
DOI - 10.19030/rbis.v15i3.5398
Subject(s) - security awareness, computer science, computer security, compliance (psychology), information security, field (mathematics), security policy, information security standards, internet privacy, knowledge management, psychology, security service, social psychology, network security policy, mathematics, pure mathematics
Research shows security awareness lacks a uniform definition. This paper explores the various attempts that have been made to define security awareness and then presents a clear and concise definition of security awareness. Due to the lack of a behaviorally-oriented measurement, security awareness has relied on the use of self-reported questionnaires and surveying users through this same type of instrument. These attempts assume that knowledge of security awareness leads to correspondingly correct behavior, without attempting any field validation that this paradigm holds true. This paper goes beyond self-reporting and measures the behavior of end-users. It compares that behavior with policy to determine the actual compliance percentage and draws conclusions from these results.