Information security awareness maturity: conceptual and practical aspects in Hungarian organizations

A. Kő, G. Tarján, A. Mitev
{"title":"Information security awareness maturity: conceptual and practical aspects in Hungarian organizations","authors":"A. Kő, G. Tarján, A. Mitev","doi":"10.1108/itp-11-2021-0849","DOIUrl":null,"url":null,"abstract":"PurposeThis paper aims to provide a maturity model for information security awareness (MMISA), based on the literature, expert interviews and feedback. In addition to developing the MMISA, the authors investigate the role of the three decisive factors that affect ISA maturity level: risk management mechanism, organizational structure and ISA.Design/methodology/approachThe research methodology is a combined one; qualitative and quantitative methods were applied, including surveying the literature, interviews and developing a survey to collect quantitative data about decisive factors that affect ISA maturity level. The authors perform a variance-based partial least squares-structural equation modeling (PLS-SEM) investigation of the relationships between these factors.FindingsThe investigation of decisive factors of ISA maturity levels revealed that if the authors identify a strong risk assessment mechanism (through a documented methodology and reliable results), the authors can expect a high level of ISA. If there is a well-defined organizational structure with clear responsibilities, this supports the linking of a risk management mechanism with the level of ISA. The connection between organizational structure and ISA maturity level is supported by ISA activities: an increased level of awareness actions strengthens an organizational structure via the best practices learned by the staff.Originality/valueThe main contribution of the proposed MMISA model is that the model offers controls and audit evidence for maturity levels. Beyond that, the authors distinguish in the MMISA model controls supporting knowledge and controls supporting attitude, emphasizing that this is not enough to know what to do, but the proper attitude is required too. The authors didn't find any other ISA maturity model which has a similar feature. The contribution of the authors' work is that the authors provide a method for solving this complex measurement problem via the MMISA, which also offers direct guidance for the daily practices of organizations.","PeriodicalId":168000,"journal":{"name":"Information Technology & People","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2023-07-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Information Technology & People","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1108/itp-11-2021-0849","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0

Abstract

PurposeThis paper aims to provide a maturity model for information security awareness (MMISA), based on the literature, expert interviews and feedback. In addition to developing the MMISA, the authors investigate the role of the three decisive factors that affect ISA maturity level: risk management mechanism, organizational structure and ISA.Design/methodology/approachThe research methodology is a combined one; qualitative and quantitative methods were applied, including surveying the literature, interviews and developing a survey to collect quantitative data about decisive factors that affect ISA maturity level. The authors perform a variance-based partial least squares-structural equation modeling (PLS-SEM) investigation of the relationships between these factors.FindingsThe investigation of decisive factors of ISA maturity levels revealed that if the authors identify a strong risk assessment mechanism (through a documented methodology and reliable results), the authors can expect a high level of ISA. If there is a well-defined organizational structure with clear responsibilities, this supports the linking of a risk management mechanism with the level of ISA. The connection between organizational structure and ISA maturity level is supported by ISA activities: an increased level of awareness actions strengthens an organizational structure via the best practices learned by the staff.Originality/valueThe main contribution of the proposed MMISA model is that the model offers controls and audit evidence for maturity levels. Beyond that, the authors distinguish in the MMISA model controls supporting knowledge and controls supporting attitude, emphasizing that this is not enough to know what to do, but the proper attitude is required too. The authors didn't find any other ISA maturity model which has a similar feature. The contribution of the authors' work is that the authors provide a method for solving this complex measurement problem via the MMISA, which also offers direct guidance for the daily practices of organizations.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
信息安全意识成熟度:匈牙利组织的概念和实践方面
目的基于文献资料、专家访谈和反馈,构建信息安全意识成熟度模型。在开发MMISA的基础上,研究了影响ISA成熟度水平的三个决定性因素:风险管理机制、组织结构和ISA的作用。研究方法是一种综合的方法;采用定性和定量方法,包括文献调查、访谈和开展调查,收集影响ISA成熟度水平的决定性因素的定量数据。作者执行基于方差的偏最小二乘结构方程模型(PLS-SEM)调查这些因素之间的关系。对ISA成熟度水平的决定性因素的调查表明,如果作者确定了强有力的风险评估机制(通过文档化的方法和可靠的结果),作者可以期望获得高水平的ISA。如果有一个具有明确职责的良好定义的组织结构,这将支持将风险管理机制与ISA级别联系起来。组织结构和ISA成熟度级别之间的联系得到ISA活动的支持:通过员工学习到的最佳实践,意识活动水平的提高加强了组织结构。原创性/价值所建议的MMISA模型的主要贡献是该模型为成熟度级别提供了控制和审计证据。除此之外,作者在MMISA模型中区分了控制支持知识和控制支持态度,强调仅仅知道做什么是不够的,还需要适当的态度。作者没有发现任何其他ISA成熟度模型具有类似的特性。作者的工作贡献在于,作者提供了一种通过MMISA解决这一复杂度量问题的方法,也为组织的日常实践提供了直接指导。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
自引率
0.00%
发文量
0
期刊最新文献
Unraveling the factors that influence connectedness and relationship performance with augmented reality apps Audience analytics and tensions in digital news work: evidence from Swiss news media Unraveling the dark side of ChatGPT: a moderated mediation model of technology anxiety and technostress See it, share it: what makes social media content viral in the higher education context? The power of positive affective content Behavioral dedication, constraint or obligation? A tripartite model of active participation in multiplayer online battle arena game community
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1