Employees' Information Security Awareness and Behavior: A Literature Review
Abstract
In order to achieve continuous improvement, Maturity Models (MM) are often used to assess the abilities of employees. Moreover, continuous improvement is also required in the field of Information Security Awareness (ISA). This is due to the fact that ISA trainings have to be repeated frequently in order to keep the level of awareness of the employees up and to stay in their minds. Within our research project, we are using the Integrated Behavioral Model (IBM) as the definition of ISA. The IBM includes many different aspects like knowledge, attitude, and habit. We carried out a systematic literature review to determine if a MM based on the IBM can be defined to assess the maturity of ISA. Since the IBM covers aspects of psychology, we did not only search for MM for information security, since the human factor is often neglected. Moreover, awareness is often only assessed via the knowledge of employees. However, knowledge is only one aspect of the IBM. At the end, none of the uncovered MMs considers all aspects of the IBM. In contrast to MM for information security, MM of other fields of research are considering psychological aspects if they are dealing with human factors. Therefore, it is possible to create a MM based on the IBM for ISA. Moreover, we can easily derive some of the used assessments for our MM.
Keywords
- Information Security Awareness
- Measuring
- Maturity Models
- Metrics
- Automated measuring
Acknowledgements
Tobias Fertig and Andreas E. Schütz were supported by the BayWISS Consortium Digitization.
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Fertig, T., Schütz, A.E., Weber, K., Müller, N.H. (2020). Towards an Information Security Awareness Maturity Model. In: Zaphiris, P., Ioannou, A. (eds) Learning and Collaboration Technologies. Human and Technology Ecosystems. HCII 2020. Lecture Notes in Computer Science, vol 12206. Springer, Cham. https://doi.org/10.1007/978-3-030-50506-6_40
- DOI: https://doi.org/10.1007/978-3-030-50506-6_40
- Publisher Name: Springer, Cham
- Print ISBN: 978-3-030-50505-9
- Online ISBN: 978-3-030-50506-6
- eBook Packages: Computer Science, Computer Science (R0)
Source: https://link.springer.com/chapter/10.1007/978-3-030-50506-6_40