Start Date
10-12-2017 12:00 AM
Description
Despite the widely recognized importance of top managers’ IT security awareness for effective IT security management, previous research has paid little attention to its complex nature. Against this backdrop, we conducted a structured literature review to identify and organize factors that have been found to determine managerial IT security awareness. Particularly, a systematic consolidation of the literature streams in combination with expert interviews and Q-sorting revealed that individual- and organization-related factors form two distinct dimensions of managers’ IT security awareness. Within the qualitative evaluation, we identified two supplementary factors (one in each dimension). Further, we found that the awareness of both top managers and managers at the department level is crucial for effective IT security management. Our proposed conceptualization will enable both researchers and practitioners to better understand managers’ IT security awareness and to subsequently develop interventions dedicated at improving managers’ awareness and thus the effectiveness of IT security management.
Recommended Citation
Sonnenschein, Rabea; Loske, André; and Buxmann, Peter, "The Role of Top Managers’ IT Security Awareness in Organizational IT Security Management" (2017). ICIS 2017 Proceedings. 13.
https://aisel.aisnet.org/icis2017/Security/Presentations/13
The Role of Top Managers’ IT Security Awareness in Organizational IT Security Management
Despite the widely recognized importance of top managers’ IT security awareness for effective IT security management, previous research has paid little attention to its complex nature. Against this backdrop, we conducted a structured literature review to identify and organize factors that have been found to determine managerial IT security awareness. Particularly, a systematic consolidation of the literature streams in combination with expert interviews and Q-sorting revealed that individual- and organization-related factors form two distinct dimensions of managers’ IT security awareness. Within the qualitative evaluation, we identified two supplementary factors (one in each dimension). Further, we found that the awareness of both top managers and managers at the department level is crucial for effective IT security management. Our proposed conceptualization will enable both researchers and practitioners to better understand managers’ IT security awareness and to subsequently develop interventions dedicated at improving managers’ awareness and thus the effectiveness of IT security management.