Online from: 1982
Subject Area: Information and Knowledge Management
Options: To add Favourites and Table of Contents Alerts please take a Emerald profile
|Title:||Analyzing trajectories of information security awareness|
|Author(s):||Aggeliki Tsohou, (Department of Information and Communication Systems Engineering, University of the Aegean, Samos, Greece), Maria Karyda, (Department of Information and Communication Systems Engineering, University of the Aegean, Samos, Greece), Spyros Kokolakis, (Department of Information and Communication Systems Engineering, University of the Aegean, Samos, Greece), Evangelos Kiountouzis, (Department of Informatics, Athens University of Economics and Business, Athens, Greece)|
|Citation:||Aggeliki Tsohou, Maria Karyda, Spyros Kokolakis, Evangelos Kiountouzis, (2012) "Analyzing trajectories of information security awareness", Information Technology & People, Vol. 25 Iss: 3, pp.327 - 352|
|Keywords:||Actor network theory, Data security, Due process, Information management, Information security awareness, Information security management|
|Article type:||Research paper|
|DOI:||10.1108/09593841211254358 (Permanent URL)|
|Publisher:||Emerald Group Publishing Limited|
|Acknowledgements:||The authors would like to thank the management and employees of the ISPO for their help and valuable contribution to this research. Moreover, the authors would like to thank the Editor and both referees for their valuable comments and suggestions.|
Purpose – Recent global security surveys indicate that security training and awareness programs are not working as well as they could be and that investments made by organizations are inadequate. The purpose of the paper is to increase understanding of this phenomenon and illuminate the problems that organizations face when trying to establish an information security awareness program.
Design/methodology/approach – Following an interpretive approach the authors apply a case study method and employ actor network theory (ANT) and the due process for analyzing findings.
Findings – The paper contributes to both understanding and managing security awareness programs in organizations, by providing a framework that enables the analysis of awareness activities and interactions with the various organizational processes and events.
Practical implications – The application of ANT still remains a challenge for researchers since no practical method or guide exists. In this paper the application of ANT through the due process model extension is enhanced and practically presented. This exploration highlights the fact that information security awareness initiatives involve different stakeholders, with often conflicting interests. Practitioners must acquire, additionally to technical skills, communication, negotiation and management skills in order to address the related organizational and managerial issues. Moreover, the results of this inquiry reveal that the role of artifacts used within the awareness process is not neutral but can actively affect it.
Originality/value – This study is one of the first to examine information security awareness as a managerial and socio-technical process within an organizational context.
To purchase this item please login or register.
Complete and print this form to request this document from your librarian