Aligning Security Awareness With Information Systems Security Management

Authors

Aggeliki Tsohou, Dept. of Information and Communication Systems Engineering, University of the AegeanFollow
Maria Karyda, Dept. of Information and Communication Systems Engineering, University of the AegeanFollow
Spyros Kokolakis, Dept. of Information and Communication Systems Engineering, University of the AegeanFollow
Evangelos Kiountouzis, Department of Informatics, Athens University of Economics and BusinessFollow

Abstract

This paper explores the way information security awareness connects to the overall information security management framework it serves. To date, the formulation of security awareness initiatives has tended to ignore the important relationship with the overall security management context, and vice versa. In this paper we show that the two processes can be aligned so as to ensure that awareness activities serve the security management strategy and that security management exploits the benefits of an effective awareness effort. To do so, we analyze the processes of security awareness and security management using a process analysis framework and we explore their interactions. The identification of these interactions results in making us able to place awareness in a security management framework instead of viewing it as an isolated security mechanism.

Recommended Citation

Tsohou, Aggeliki; Karyda, Maria; Kokolakis, Spyros; and Kiountouzis, Evangelos, "Aligning Security Awareness With Information Systems Security Management" (2009). MCIS 2009 Proceedings. 73.
https://aisel.aisnet.org/mcis2009/73