Paper ID

1329

Paper Type

full

Description

Within organizations, senior executives bear a great responsibility regarding an effective IS security risk management and related activities. Although prior research recognizes that senior executives are only successful in their management tasks when they are fully aware of potential IS security risks and effective countermeasures, empirical studies with this regard have largely been omitted. We propose a research model that studies senior executives’ information security awareness, their attitudes and intentions towards security-related activities. We tested this model within two complementary studies among 112 business executives and 167 IT executives. Findings show that information security awareness positively affects senior executives’ intention to pursue security-enhancing activities. Comparing both groups, attitude mediates the relationship between information security awareness and intention to enhance security only for business executives. Our results are useful for IS research on promoting security-related activities of senior executives and practitioners interested in the benefits of information security awareness for managers.

Share

COinS
 

On the Benefits of Senior Executives’ Information Security Awareness

Within organizations, senior executives bear a great responsibility regarding an effective IS security risk management and related activities. Although prior research recognizes that senior executives are only successful in their management tasks when they are fully aware of potential IS security risks and effective countermeasures, empirical studies with this regard have largely been omitted. We propose a research model that studies senior executives’ information security awareness, their attitudes and intentions towards security-related activities. We tested this model within two complementary studies among 112 business executives and 167 IT executives. Findings show that information security awareness positively affects senior executives’ intention to pursue security-enhancing activities. Comparing both groups, attitude mediates the relationship between information security awareness and intention to enhance security only for business executives. Our results are useful for IS research on promoting security-related activities of senior executives and practitioners interested in the benefits of information security awareness for managers.