Developing a Maturity Model for Information Security Awareness Using a Polytomous Extension of the Rasch Model

Presenter Information

Tobias Fertig, University of Applied Sciences Würzburg-SchweinfurtFollow
Andreas Schütz, University of Applied Sciences Würzburg-SchweinfurtFollow
Kristin Weber, Technical University Würzburg-SchweinfurtFollow

Location

Online

Event Website

https://hicss.hawaii.edu/

Start Date

3-1-2023 12:00 AM

End Date

7-1-2023 12:00 AM

Description

Advancing digitization in companies leads to increased importance of information and their security. Since people play a crucial role in protecting information, it is important to sensitize them to information security. Many companies find it difficult to raise the so-called information security awareness (ISA) in a planned and targeted way. With a maturity model (MM) for ISA, companies are able to carry out an assessment of the current state regarding ISA and thereby actively manage and plan their future ISA measures. The proposed MM has five maturity levels that were determined mathematically with the help of a polytomous extension of the Rasch model and a hierarchical cluster analysis. The required data for the calculations has been gathered with a survey among 105 organizations. The evaluation has shown that the MM is well-suited to identify strengths and weaknesses with regard to ISA within organizations.

Recommended Citation

Fertig, Tobias; Schütz, Andreas; and Weber, Kristin, "Developing a Maturity Model for Information Security Awareness Using a Polytomous Extension of the Rasch Model" (2023). Hawaii International Conference on System Sciences 2023 (HICSS-56). 2.
https://aisel.aisnet.org/hicss-56/st/security_and_privacy_of_hci/2