Advanced Search
Journal search
Journal cover: Information Management & Computer Security

Information Management & Computer Security

ISSN: 0968-5227

Online from: 1993

Subject Area: Information and Knowledge Management

Content: Latest Issue | icon: RSS Latest Issue RSS | Previous Issues

Options: To add Favourites and Table of Contents Alerts please take a Emerald profile

Previous article.Icon: Print.Table of Contents.Next article.Icon: .

A conceptual foundation for organizational information security awareness

Document Information:
Title:A conceptual foundation for organizational information security awareness
Author(s):Mikko T. Siponen, (University of Oulu, Department of Information Processing Science, Finland)
Citation:Mikko T. Siponen, (2000) "A conceptual foundation for organizational information security awareness", Information Management & Computer Security, Vol. 8 Iss: 1, pp.31 - 41
Keywords:Computer security, Data security, Education, Information systems
Article type:Literature review
DOI:10.1108/09685220010371394 (Permanent URL)
Publisher:MCB UP Ltd
Abstract:The current approaches in terms of information security awareness and education are descriptive (i.e. they are not accomplishment-oriented nor do they recognize the factual/normative dualism); and current research has not explored the possibilities offered by motivation/behavioural theories. The first situation, level of descriptiveness, is deemed to be questionable because it may prove eventually that end-users fail to internalize target goals and do not follow security guidelines, for example – which is inadequate. Moreover, the role of motivation in the area of information security is not considered seriously enough, even though its role has been widely recognised. To tackle such weaknesses, this paper constructs a conceptual foundation for information systems/organizational security awareness. The normative and prescriptive nature of end-user guidelines will be considered. In order to understand human behaviour, the behavioural science framework, consisting in intrinsic motivation, a theory of planned behaviour and a technology acceptance model, will be depicted and applied. Current approaches (such as the campaign) in the area of information security awareness and education will be analysed from the viewpoint of the theoretical framework, resulting in information on their strengths and weaknesses. Finally, a novel persuasion strategy aimed at increasing users’ commitment to security guidelines is presented.

Fulltext Options:



Existing customers: login
to access this document


- Forgot password?
- Athens/Institutional login



Downloadable; Printable; Owned
HTML, PDF (159kb)Purchase

To purchase this item please login or register.


- Forgot password?

Recommend to your librarian

Complete and print this form to request this document from your librarian

Marked list

Bookmark & share

Reprints & permissions