Loading...
Paper Number
2475
Paper Type
Completed
Description
As security incidents such as data breaches have dramatically increased in recent years, companies have acknowledged the utmost importance of implementing SETA (Security, Education, Training, and Awareness) programs. Although there has been much effort in designing these programs as effectively as possible, many security incidents are caused by employee misconduct. In this study, we shed light on the basic dimensions of information security competence (ISC) that employees need to efficiently improve their performance in dealing with security threats. Using a competence model from the field of vocational education, we conceptualize information security competence as a multidimensional construct. We then empirically test the impact of information security competence on information security performance in a study with 234 participants. Our results suggest that a differentiated view of competence is necessary, first, to improve employee performance in dealing with security threats and, second, to develop SETA programs that address employee vulnerabilities.
Recommended Citation
Rampold, Florian; Masuch, Kristin; Warwas, Julia; and Trang, Simon, "Triad or Error? Introducing Three Basic Dimensions of Competence as a Driving Force for Information Security Performance" (2023). ICIS 2023 Proceedings. 11.
https://aisel.aisnet.org/icis2023/cyber_security/cyber_security/11
Triad or Error? Introducing Three Basic Dimensions of Competence as a Driving Force for Information Security Performance
As security incidents such as data breaches have dramatically increased in recent years, companies have acknowledged the utmost importance of implementing SETA (Security, Education, Training, and Awareness) programs. Although there has been much effort in designing these programs as effectively as possible, many security incidents are caused by employee misconduct. In this study, we shed light on the basic dimensions of information security competence (ISC) that employees need to efficiently improve their performance in dealing with security threats. Using a competence model from the field of vocational education, we conceptualize information security competence as a multidimensional construct. We then empirically test the impact of information security competence on information security performance in a study with 234 participants. Our results suggest that a differentiated view of competence is necessary, first, to improve employee performance in dealing with security threats and, second, to develop SETA programs that address employee vulnerabilities.
When commenting on articles, please be friendly, welcoming, respectful and abide by the AIS eLibrary Discussion Thread Code of Conduct posted here.
Comments
06-Security