Prevention is better than cure! Designing information security awareness programs to overcome users' non-compliance with information security policies in banks

Bauer, Stefan and Bernroider, Edward ORCID: https://orcid.org/0000-0003-4787-8358 and Chudzikowski, Katharina (2017) Prevention is better than cure! Designing information security awareness programs to overcome users' non-compliance with information security policies in banks. Computers & Security, 68. pp. 145-159. ISSN 01674048

1-s2.0-S0167404817300871-main.pdf
Available under License Creative Commons: Attribution 4.0 International (CC BY 4.0).


Abstract

In organizations, users' compliance with information security policies (ISP) is crucial for minimizing information security (IS) incidents. To improve users' compliance, IS managers have implemented IS awareness (ISA) programs, which are systematically planned interventions to continuously transport security information to a target audience. The underlying research analyzes IS managers' efforts to design effective ISA programs by comparing current design recommendations suggested by scientific literature with actual design practices of ISA programs in three banks. Moreover, this study addresses how users perceive ISA programs and related implications for compliant IS behavior. Empirically, we utilize a multiple case design to investigate three banks from Central and Eastern Europe. In total, 33 semi-structured interviews with IS managers and users were conducted and internal materials of ISA programs such as intranet messages and posters were also considered. The paper contributes to IS compliance research by offering a comparative and holistic view on ISA program design practices. Moreover, we identified influences on users' perceptions centering on IS risks, responsibilities, ISP importance and knowledge, and neutralization behaviors. Finally, the study raises propositions regarding the relationship of ISA program designs and factors, which are likely to influence users' ISP compliance.

Item Type: Article
Keywords: Information Security Awareness; Design Recommendations for Information Security Awareness Programs; Users' ISP Compliance; Information Security Awareness Programs; User Perceptions
Version of the Document: Published
Variance from Published Version: None
Depositing User: ePub Administrator
Date Deposited: 04 May 2017 09:42
Last Modified: 07 Jun 2019 14:58
Related URLs:
FIDES Link: https://bach.wu.ac.at/d/research/results/81240/
URI: https://bach-s59.wu.ac.at/id/eprint/5536
