Organizational Impact on Information Security Behavior
The increased effectiveness and robustness of technical security components has made it more difficult to successfully attack computer systems using purely technical means. Many attackers have therefore started to attack the humans accessing and using the computer systems. This development has increased the attention given to risks related to human or social aspects of information security.
In organizational settings, typical risks facing employees include being deceived into complying with a malicious request, e.g., to execute malware on the computer or reveal sensitive information (also known as social engineering). This research project aims to obtain a deeper understanding of how organizations can protect themselves from these new security threats by effectively organizing and structuring their information security function.
The output of the research project will be a model that provides decision support for shaping information security behavior in an organizational setting. In particular, the model will enable assessment of the organization and coordination of an organization’s information security knowledge-sharing activities, and identify significant predictors of employee information security awareness and information security behavior.
The project is conducted in cooperation with Associate Professor Marcus Nohlberg, University College of Skövde.