Mind the Threat! A Qualitative Case Study on Managing Information Security Awareness Programs in Central and Eastern European Banks.

Research output: Chapter or section in a book/report/conference proceedingChapter in a published conference proceeding

Abstract

This study contributes to an ongoing debate on information security compliance and information security awareness (ISA) programs. The research aims to explore the influence of the internal and external organizational context on the characteristics and management of ISA programs in banks. Thereby, it contributes to state-of the art research by revealing tense relationships concerning compliant security behavior from certain stakeholders groups. These conflicts reflect individual aspects, which contradict ISA programs’ efforts and hence affect employees’ compliant information security behavior. Empirically, we utilized an embedded multiple case design to investigate three units of analysis, three banks from Central and Eastern Europe. We conducted in total 37 semi-structured interviews with employees in the mentioned case banks. From a practical perspective, a better understanding of the processes on how awareness programs are managed, might provide some insights to build upon for improving ISA programs in dealing with IS risks and threats. Our findings provide empirical evidence for the consideration of how internal and external factors context in managing ISA programs matter for research and practice. Moreover, the study highlights specific characteristics of ISA programs such as the use of role models or involvement through participation. The research appeals for a more granulated stakeholder concept in ISA programs, which decomposes tense relationships and conflicts.
Original languageEnglish
Title of host publicationProceedings of AMCIS
Publication statusPublished - 2015
EventProceedings of the Americas Conference on Information Systems (AMCIS) - Puerto Rico, USA United States
Duration: 13 Aug 201515 Aug 2015

Conference

ConferenceProceedings of the Americas Conference on Information Systems (AMCIS)
Country/TerritoryUSA United States
CityPuerto Rico
Period13/08/1515/08/15

Fingerprint

Dive into the research topics of 'Mind the Threat! A Qualitative Case Study on Managing Information Security Awareness Programs in Central and Eastern European Banks.'. Together they form a unique fingerprint.

Cite this