End User Information Security Awareness Programs for Improving Information Security in Banking Organizations: Preliminary Results from an Exploratory Study

Stefan Bauer, Edward Bernroider, Katharina Chudzikowski

Research output: Contribution to conferencePaperpeer-review

Abstract

The purpose of this research is to analyze information security awareness (ISA) programs and the measurement of ISA behavior in banking organizations. The underlying paper summarizes the qualitative and exploratory part of our two-staged mixed methods research on the improvement of employee security behavior concerning IT operational risks. IT operational loss events are often caused by undesirable security behavior of employees concerning information technology. Organizations conduct ISA programs to build employees’ security awareness concerning information technology to prevent IT operational loss events. Ten semi-structured qualitative expert interviews were carried out to explore potentials for improvement of ISA programs. Our findings focus on the character of ISA delivery methods and the implemented controls for these methods. Further research should shed light on the effectiveness of experimental and proactive ISA controlling. The outcome provides input for practice in the area of ISA building in the financial sector.
Original languageEnglish
Number of pages33
Publication statusPublished - 14 Dec 2013
Event AIS SIGSEC Workshop on Information Security & Privacy (WISP2013) - Milano, Italy
Duration: 14 Dec 201314 Dec 2013

Workshop

Workshop AIS SIGSEC Workshop on Information Security & Privacy (WISP2013)
Country/TerritoryItaly
CityMilano
Period14/12/1314/12/13

Bibliographical note

Proceedings of the Eighth Pre-ICIS Workshop on Information Security and Privacy, Milano, December 14, 2013

Fingerprint

Dive into the research topics of 'End User Information Security Awareness Programs for Improving Information Security in Banking Organizations: Preliminary Results from an Exploratory Study'. Together they form a unique fingerprint.

Cite this