• Corpus ID: 31910096

End User Information Security Awareness Programs for Improving Information Security in Banking Organizations: Preliminary Results from an Exploratory Study

Stefan Bauer, Edward W. N. Bernroider, Katharina Chudzikowski

The purpose of this research is to analyze information security awareness (ISA) programs and the measurement of ISA behavior in banking organizations. The underlying paper summarizes the qualitative and exploratory part of our two-staged mixed methods research on the improvement of employee security behavior concerning IT operational risks. IT operational loss events are often caused by undesirable security behavior of employees concerning information technology. Organizations conduct ISA… 

From Information Security Awareness to Reasoned Compliant Action

It is found that the attitude toward information security policy compliance, and not only social norms but also personal norms related to neutralization techniques, are all significant variables potentially mitigating the knowing-doing gap reported in related information security research.

The Effects of Awareness Programs on Information Security in Banks: The Roles of Protection Motivation and Monitoring

Based on partial least squares structural equation modeling analysis of 183 survey responses consisting of German bank employees, strong empirical evidence is found for the importance of ISA programs, protection motivation and monitoring.

Developing a Viral Artifact to Improve Employees’ Security Behavior

The purpose of this research is to develop a viral video artifact to improve employee security behavior concerning information technology.

Factors Influencing Information Security Policy Compliance Behavior

The model results showed that perceived threat, vulnerability, response cost, and efficiency had a significant effect on compliance but, interestingly, self-efficacy did not.

The Potential Factors Influencing Information Security Awareness on Phishing Attacks From Various Industries: A Systematic Literature Review (SLR)

This study will systematically analyse published research exploring factors that influence information security awareness of phishing attacks in three major groups: personality traits, motivation and individual differences.

A Theoretical Foundation for Explaining and Predicting the Effectiveness of a Bring Your Own Device Program in Organizations

This study evaluates the applicability of Knapp and Ferrante’s Information Security Policy and Effectiveness (ISPE) model to explain and predict BYOD program deployment effectiveness and supports the use of the ISPE model to assess the effectiveness of a BYOD information security program deployment.

Refining the PoinTER "human firewall" pentesting framework

The authors propose the refined GDPR-compliant and privacy respecting PoinTER framework, a human pentesting framework, tailored to the needs of SMEs, based on a derived set of ethical principles that have been subjected to ethical scrutiny.

Towards online security: Key drivers of poor user behaviour and recommendations for appropriate interventions

  • J. .
  • Computer Science
  • 2014
In the quest to secure the online world, users are often referred to as the weakest link in online security since their behaviour could impact negatively on systems security.

Information security in the workplace: A mixed-methods approach to understanding and improving security behaviours

This thesis discusses the approaches to studying and conceptualizing security behaviour and theories of behaviour change used in security research, and its implications for policy and research.



User preference of cyber security awareness delivery methods

  • J. Abawajy
  • Computer Science
    Behav. Inf. Technol.
  • 2014
This study conducted information security awareness using text-based, game-based and video-based delivery methods and suggests that combined delivery methods are better than an individual security awareness delivery method.

Improving Employees' Compliance Through Information Systems Security Training: An Action Research Study

This study proposes a training program based on two theories, the universal constructive instructional theory and the elaboration likelihood model, and validates the training program for IS security policy compliance training through an action research project.

On security preparations against possible IS threats across industries

This study examines whether the security preparation of firms matches the severity of IS threats they perceive in developing countries, especially in issues concerning “people” and “administration”.

Beyond Technical Aspects of Information Security: Risk Culture as a Success Factor for IT Risk Management

This paper introduces risk culture as an essential component of an integrated IT risk management, presents a theoretically motivated framework for analyzing the construct risk culture, and conducts a case study that underpins the crucial role of a vital risk culture in an organization.

A conceptual foundation for organizational information security awareness

  • M. Siponen
  • Computer Science
    Inf. Manag. Comput. Secur.
  • 2000
A conceptual foundation for information systems/organizational security awareness is constructed and a novel persuasion strategy aimed at increasing users’ commitment to security guidelines is presented.

Analysis of end user security behaviors

Security-related behavior in using information systems in the workplace: A review and synthesis