Citation: Bauer, Stefan, Bernroider, Edward, Chudzikowski, Katharina. 2017. Prevention is Better Than Cure! Designing Information Security Awareness Programs to Overcome Users' Non-Compliance with Information Security Policies in Banks. Computers and Security 68, 145-159.



Abstract

In organizations, users’ compliance with information security policies (ISP) is crucial for minimizing information security (IS) incidents. To improve users’ compliance, IS managers have implemented IS awareness (ISA) programs, which are systematically planned interventions to continuously transport security information to a target audience. The underlying research analyzes IS managers’ efforts to design effective ISA programs by comparing current design recommendations suggested by scientific literature with actual design practices of ISA programs in three banks. Moreover, this study addresses how users perceive ISA programs and related implications for compliant IS behavior. Empirically, we utilize a multiple case design to investigate three banks from Central and Eastern Europe. In total, 33 semi-structured interviews with IS managers and users were conducted and internal materials of ISA programs such as intranet messages and posters were also considered. The paper contributes to IS compliance research by offering a comparative and holistic view on ISA program design practices. Moreover, we identified influences on users’ perceptions centering on IS risks, responsibilities, ISP importance and knowledge, and neutralization behaviors. Finally, the study raises propositions regarding the relationship of ISA program designs and factors, which are likely to influence users’ ISP compliance.

Publication's profile

Status of publication Published
Affiliation WU
Type of publication Journal article
Journal Computers and Security
Citation Index SCI
WU-Journal-Rating new INF-A
Language English
Title Prevention is Better Than Cure! Designing Information Security Awareness Programs to Overcome Users' Non-Compliance with Information Security Policies in Banks
Volume 68
Year 2017
Page from 145
Page to 159
Reviewed? Y
URL http://www.sciencedirect.com/science/article/pii/S0167404817300871
DOI http://dx.doi.org/10.1016/j.cose.2017.04.009

Associations

Projects
IT Operational Risk Awareness Building in Banking Organizations
People
Bernroider, Edward
External
Bauer, Stefan (k.a., Austria)
Chudzikowski, Katharina (University of Bath, United Kingdom)
Organization
Information Systems and Operations DP
Research Institute for Computational Methods FI
Institute for Information Management and Control IN
Research areas (ÖSTAT Classification 'Statistik Austria')
5306 Business data processing
5367 Management information systems
5405 Empirical social research
5937 Information systems
5943 Risk research