Start Date

14-12-2012 12:00 AM

Description

Executives’ behavior causes potential information security management risks and has a direct influence on the security level of information systems and management. This behavior depends on personality traits and other cognitive factors. First, a comprehensive literature review and a status quo analysis are presented. We consider the constructs of the five factor model (FFM) as influence factors for attitudes towards technical and non-technical dimensions of information security management. Then, the hypothesized relationships are validated using empirical data from 174 information security executives. The results suggest that multiple facets of an information security executive’s personality have a significant effect on his or her attitude towards selected information security management activities. For example, conscientiousness is positively related to a person’s attitude towards the technical and organizational activities of information security. From these findings, theoretical and practical implications and recommendations are discussed.

Share

COinS
 
Dec 14th, 12:00 AM

Personality Traits and Information Security Management: An Empirical Study of Information Security Executives

Executives’ behavior causes potential information security management risks and has a direct influence on the security level of information systems and management. This behavior depends on personality traits and other cognitive factors. First, a comprehensive literature review and a status quo analysis are presented. We consider the constructs of the five factor model (FFM) as influence factors for attitudes towards technical and non-technical dimensions of information security management. Then, the hypothesized relationships are validated using empirical data from 174 information security executives. The results suggest that multiple facets of an information security executive’s personality have a significant effect on his or her attitude towards selected information security management activities. For example, conscientiousness is positively related to a person’s attitude towards the technical and organizational activities of information security. From these findings, theoretical and practical implications and recommendations are discussed.