Information Security departments are continuously challenged and frustrated by the lack of employee compliance with established security policies. Several studies have shown causal factors for this type of employee behavior. However, few have recommended management level interventions that can be used as a solution framework by security practitioners. Based on constructs such as tailored communication messages, leadership influence, and peer ambassadors, this article presents a People-centric Information Security Awareness Program that can help security practitioners improve the Information Security Culture of their organization.
Federico Giovannetti
Doctor of Business Administration Program Muma College of Business, University of South Florida, Tampa
USA
e-mail: fgiovannetti@usf.edu
Abstract:
Key words:
Information security culture
employee compliance
tailored messaging
leadership
ambassadors
Section:
Topics: