Security Awareness: The First Step in Information Security Compliance Behavior

Inho Hwang, Robin Wakefield, Sanghyun Kim, Taeha Kim

Research output: Contribution to journalArticlepeer-review

46 Scopus citations

Abstract

In this study, we use the attentional phase of social learning theory to link workplace security-related experiences and observations to employees’ security awareness. The responses of 398 organizational employees serve to test our research model using structural equational modeling with AMOS 22.0. The results show security awareness arises from both explicit and subjective security experiences in the workplace. Our respondents indicate knowledge of a physical system has little, if any, effect on security awareness. However, security education, policy, visibility and managerial security participation are important for producing security awareness. Furthermore, managerial participation strengthens the links between organizational security efforts and security awareness. We discuss the implications of our study for future security compliance research and practice.

Original languageEnglish
Pages (from-to)345-356
Number of pages12
JournalJournal of Computer Information Systems
Volume61
Issue number4
DOIs
StatePublished - 2021

Keywords

  • awareness
  • compliance intention
  • information security
  • management participation
  • security policy
  • security visibility
  • social learning theory
  • Word

Fingerprint

Dive into the research topics of 'Security Awareness: The First Step in Information Security Compliance Behavior'. Together they form a unique fingerprint.

Cite this