A Practical Guideline for Developing a Managerial Information Security Awareness Program

Human action is a major cause for cyber security incidents in organizations. One user group particularly exposed to risk is senior management. Even though managerial information security awareness (MISA) is of high relevance, there is a lack of support on the development of MISA programs from academia. Applying Hevner’s design science research approach, the goal of this study is to create an artifact—a MISA guide, which is fed from literature reviews and qualitative interviews with senior managers and cyber security awareness experts. According to experts interviewed in the evaluation phase, the created artifact was verified to be usable as well as applicable and the results were deemed correct and complete. The evaluation findings indicate that more investigations should be conducted such as to analyze the relationship between ‘organizational security culture’ and the ‘security awareness of senior managers’.