Employees' Information Security Awareness and Behavior: A Literature Review

Abstract

In order to achieve continuous improvement, Maturity Models (MM) are often used to assess the abilities of employees. Continuous improvement is also required in the field of Information Security Awareness (ISA), because ISA trainings have to be repeated frequently in order to keep the employees' level of awareness up and to stay in their minds. Within our research project, we are using the Integrated Behavioral Model (IBM) as the definition of ISA. The IBM includes many different aspects such as knowledge, attitude, and habit. We carried out a systematic literature review to determine whether a MM based on the IBM can be defined to assess the maturity of ISA. Since the IBM covers aspects of psychology and the human factor is often neglected, we did not search only for MMs for information security. Moreover, awareness is often assessed only via the knowledge of employees. However, knowledge is only one aspect of the IBM. In the end, none of the discovered MMs considers all aspects of the IBM. In contrast to MMs for information security, MMs from other fields of research do consider psychological aspects when they deal with human factors. Therefore, it is possible to create a MM based on the IBM for ISA. Moreover, we can easily derive some of the used assessments for our MM.

Keywords

  • Information Security Awareness
  • Measuring
  • Maturity Models
  • Metrics
  • Automated measuring

Acknowledgements

Tobias Fertig and Andreas E. Schütz were supported by the BayWISS Consortium Digitization.

Author information

Corresponding author

Correspondence to Tobias Fertig.

Copyright information

© 2020 Springer Nature Switzerland AG

Cite this paper

Fertig, T., Schütz, A.E., Weber, K., Müller, N.H. (2020). Towards an Information Security Awareness Maturity Model. In: Zaphiris, P., Ioannou, A. (eds) Learning and Collaboration Technologies. Human and Technology Ecosystems. HCII 2020. Lecture Notes in Computer Science, vol 12206. Springer, Cham. https://doi.org/10.1007/978-3-030-50506-6_40

  • DOI: https://doi.org/10.1007/978-3-030-50506-6_40

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-50505-9

  • Online ISBN: 978-3-030-50506-6

  • eBook Packages: Computer Science, Computer Science (R0)

Source: https://link.springer.com/chapter/10.1007/978-3-030-50506-6_40
