This study contributes to an ongoing debate on information security compliance and information security awareness (ISA) programs. The research aims to explore the influence of the internal and external organizational context on the characteristics and management of ISA programs in banks. Thereby, it contributes to state-of the art research by revealing tense relationships concerning compliant security behavior from certain stakeholders groups. These conflicts reflect individual aspects, which contradict ISA programs’ efforts and hence affect employees’ compliant information security behavior. Empirically, we utilized an embedded multiple case design to investigate three units of analysis, three banks from Central and Eastern Europe. We conducted in total 37 semi-structured interviews with employees in the mentioned case banks. From a practical perspective, a better understanding of the processes on how awareness programs are managed, might provide some insights to build upon for improving ISA programs in dealing with IS risks and threats. Our findings provide empirical evidence for the consideration of how internal and external factors context in managing ISA programs matter for research and practice. Moreover, the study highlights specific characteristics of ISA programs such as the use of role models or involvement through participation. The research appeals for a more granulated stakeholder concept in ISA programs, which decomposes tense relationships and conflicts.
|Title of host publication||Proceedings of AMCIS|
|Publication status||Published - 2015|
|Event||Proceedings of the Americas Conference on Information Systems (AMCIS) - Puerto Rico, USA United States|
Duration: 13 Aug 2015 → 15 Aug 2015
|Conference||Proceedings of the Americas Conference on Information Systems (AMCIS)|
|Country||USA United States|
|Period||13/08/15 → 15/08/15|