Abstract
“Information security consciousness” (also cited in the literature as awareness) refers to the condition in which information systems (IS) users (principally end-users) in an organisation are well informed about, prepared for, and committed to the security issues concerning the use of those systems. There is no doubt in doctrine that the security of IS represents a central strategic matter. In line with Mathieson’s thinking about the use of information systems, information security consciousness is, within that view, of fundamental importance. A number of studies foresee that a higher level of consciousness should significantly reduce “user related faults” and maximize the overall information system. Understanding the context and the original reasons for user-level errors is crucial to achieving, at a strategic level, the above-mentioned goals. Motivating the different organisational levels, e.g., to comply with information security policies and procedures, is an activity that falls into the “content category”. The Technology Acceptance Model (TAM) of Davis and the Theory of Planned Behaviour of Ajzen are taken into account. Communication and, moreover, “persuasive communication” turned out to be one of the main key points. It is suggested that the persuasion strategy should start from the communication of reasons and explanations, providing answers about rules and security procedures.
References
McLean K (1992) Information security awareness – selling the cause. In Proceedings of the IFIP TC11/Sec'92, Singapore, 27–29 May
Perry WE (1985) Management strategies for computer security. Butterworth Publisher, Boston
Morwood G (1998) Business continuity: awareness and training programmes. Inf Manage Comput Secur 6(1):28–32
Parker DB (1998) Fighting computer crime – a new framework for protecting information. Wiley Computer Publishing, New York
Baskerville R (1989) Logical controls specification: an approach to information system security. In Klein H, Kumar K (eds) Systems development for human progress. North-Holland, Amsterdam
SSE-CMM (1998a) The Model, v2.0, http://www.sse-cmm.org
SSE-CMM (1998b) The Appraisal Method, v2.0. http://www.sse-cmm.org
Thomson ME, von Solms R (1998) Information security awareness: educating our users effectively. Inf Manage Comput Secur 6(4):21–39
Warman AR (1992) Organisational computer security policy: the reality. Eur J Inf Syst 1(5)
Bartol KM, Martin DC (1994) Management. McGraw-Hill, New York
Fishbein M, Ajzen I (1975) Belief, attitude, intention and behaviour: an introduction to theory and research. Addison-Wesley, Reading
Jaervinen P (1997) The new classification of research approaches. In: Zemanek H (ed) The IFIP pink summary – 35 years of IFIP. IFIP, Laxenburg
Davis F (1989) Perceived usefulness, perceived ease of use, and user acceptance of information technology. MIS Q 13(3):189–211
Mathieson K (1991) Predicting user intentions: comparing the technology acceptance model with the theory of planned behaviour. Inf Syst Res 3(2):173–191
Adams DA, Nelson RR, Todd PA (1992) Perceived usefulness, ease of use, and usage of information technology: a replication. MIS Q 16(2):227–247
Locke EA (1991) The motivation sequence, the motivation hub, and the motivation core. Organ Behav Hum Decis Process 50:288–299
Ajzen I (1991) The theory of planned behaviour. Organ Behav Hum Decis Process 50:179–211
Straub DW, Welke RJ (1998) Coping with systems risk: security planning models for management decision making. MIS Q 22(4):441–469
Deci EL (1975) Intrinsic motivation. Plenum Press, New York
Deci EL, Ryan RM (1985) Intrinsic motivation and self-determination in human behaviour. Plenum Press, New York
Conner DL, Patterson RW (1982) Building commitment to organizational change. Train Dev J 36(4):18–30
Taylor WA (1995) Senior executives and ISO 9000: attitudes, behaviours and commitment. Int J Qual Reliab Manage 22(4):40–57
Spruit MEM (1998) Competing against human failing. In Proceedings of the 15th IFIP world computer congress. The global information society on the way to the next millennium. Proceedings of the SEC ‘98, TC11, Vienna
Senge PM (1990) The 5th discipline: the art and practice of the learning organization. Doubleday Currency, New York
Kohlberg L (1981) The philosophy of moral development: moral stages and the idea of justice. Harper and Row, San Francisco
Ceraolo JP (1996) Penetration testing through social engineering. Inf Syst Secur 4(4):34–57
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Cavallari, M. (2010). Information Systems Security and End-User Consciousness – A Strategic Matter. In: D'Atri, A., De Marco, M., Braccini, A., Cabiddu, F. (eds) Management of the Interconnected World. Physica-Verlag HD. https://doi.org/10.1007/978-3-7908-2404-9_29
DOI: https://doi.org/10.1007/978-3-7908-2404-9_29
Publisher Name: Physica-Verlag HD
Print ISBN: 978-3-7908-2403-2
Online ISBN: 978-3-7908-2404-9
eBook Packages: Business and Economics, Business and Management (R0)