Presenting Author

Johann Kranz

Paper Type

Completed Research Paper

Abstract

Employees’ information security awareness (ISA) is a key antecedent of information security behavior. However, to date we know very little about the factors that are responsible for some employees having a higher level of ISA than others. Our study addresses this gap. We propose a model that comprises institutional, individual, and environmental factors preceding ISA. The model was empirically tested with survey data gathered from 475 employees of different organizations and industries. The model was found to explain a substantial proportion (.53) of the variance. The results indicate that providing employees with comprehensible and readily accessible information security policies and improving employees’ IT knowledge are the two most influential antecedents of ISA. The findings will help refining researchers’ understanding of ISA and will be useful for diverse stakeholders interested in encouraging employees’ information security policy compliant behavior.

Share

COinS
 

Understanding the Antecedents of Information Security Awareness - An Empirical Study

Employees’ information security awareness (ISA) is a key antecedent of information security behavior. However, to date we know very little about the factors that are responsible for some employees having a higher level of ISA than others. Our study addresses this gap. We propose a model that comprises institutional, individual, and environmental factors preceding ISA. The model was empirically tested with survey data gathered from 475 employees of different organizations and industries. The model was found to explain a substantial proportion (.53) of the variance. The results indicate that providing employees with comprehensible and readily accessible information security policies and improving employees’ IT knowledge are the two most influential antecedents of ISA. The findings will help refining researchers’ understanding of ISA and will be useful for diverse stakeholders interested in encouraging employees’ information security policy compliant behavior.