A four-part typology to assess organizational and individual security awareness

Abstract

ABSTRACT This article provides a four-part typology of security awareness. We argue that existing awareness typologies that distinguish problem awareness from solution awareness and that separate descriptive awareness from prescriptive awareness are on its own insufficient and need to be merged to have a complete picture of security awareness. Renaming and bridging both distinctions leads to four security awareness types: (1) Cognitive awareness of the threat; (2) Attitudinal awareness of the threat; (3) Cognitive awareness of the mitigation; and (4) Attitudinal awareness of the mitigation. Each type is subsequently explained in greater detail and illustrated by referring to the 2020 worldwide outbreak of COVID-19. Furthermore, it is demonstrated that the typology is applicable to study both organizational awareness and individual awareness.