Start Date
14-12-2012 12:00 AM
Description
Executives’ behavior causes potential information security management risks and has a direct influence on the security level of information systems and management. This behavior depends on personality traits and other cognitive factors. First, a comprehensive literature review and a status quo analysis are presented. We consider the constructs of the five factor model (FFM) as influence factors for attitudes towards technical and non-technical dimensions of information security management. Then, the hypothesized relationships are validated using empirical data from 174 information security executives. The results suggest that multiple facets of an information security executive’s personality have a significant effect on his or her attitude towards selected information security management activities. For example, conscientiousness is positively related to a person’s attitude towards the technical and organizational activities of information security. From these findings, theoretical and practical implications and recommendations are discussed.
Recommended Citation
Uffen, Jörg; Guhr, Nadine; and Breitner, Michael H., "Personality Traits and Information Security Management: An Empirical Study of Information Security Executives" (2012). ICIS 2012 Proceedings. 5.
https://aisel.aisnet.org/icis2012/proceedings/ISSecurity/5
Personality Traits and Information Security Management: An Empirical Study of Information Security Executives
Executives’ behavior causes potential information security management risks and has a direct influence on the security level of information systems and management. This behavior depends on personality traits and other cognitive factors. First, a comprehensive literature review and a status quo analysis are presented. We consider the constructs of the five factor model (FFM) as influence factors for attitudes towards technical and non-technical dimensions of information security management. Then, the hypothesized relationships are validated using empirical data from 174 information security executives. The results suggest that multiple facets of an information security executive’s personality have a significant effect on his or her attitude towards selected information security management activities. For example, conscientiousness is positively related to a person’s attitude towards the technical and organizational activities of information security. From these findings, theoretical and practical implications and recommendations are discussed.