Current Issues Of Metrics For Information Security Awareness

Authors

Tobias Fertig, Hochschule für angewandte Wissenschaften Würzburg-SchweinfurtFollow
Andreas Erwin Schütz, University of Applied Sciences Würzburg-SchweinfurtFollow
Kristin Weber, Hochschule für angewandte Wissenschaften Würzburg-SchweinfurtFollow

Abstract

Measuring information security awareness (ISA) is mostly done by the measurement of knowledge. However, knowledge does not allow any statement about actual behavior. Therefore, measurement techniques are required, that are focusing on the behavior of employees. We carried out a structured literature review as well as expert interviews in order to retrieve current requirements for metrics in theory and practice. Moreover, we show that the interviewees defined some more requirements than are available in literature. The goal of our research is, to create a performance measurement system (PMS) based on the integrated behavioral model (IBM). Therefore, we had to check if the different aspects of the IBM can be covered by existing metrics. Although many of the requirements can be fulfilled by current metrics, not all aspects of the IBM can be covered. Therefore, we need additional research to create a PMS that allows the evaluation of ISA in companies.

Recommended Citation

Fertig, Tobias; Schütz, Andreas Erwin; and Weber, Kristin, "Current Issues Of Metrics For Information Security Awareness" (2020). In Proceedings of the 28th European Conference on Information Systems (ECIS), An Online AIS Conference, June 15-17, 2020.
https://aisel.aisnet.org/ecis2020_rp/184