Abstract

PurposeThe purpose of this paper is to examine why mainstream information security awareness techniques have failed to evolve at the same rate as automated technical security controls and to suggest improvements based on psychology and safety science.Design/methodology/approachThe concepts of bounded rationality, mental models and the extended parallel processing model are examined in an information security context.FindingsThere is a lack of formal methodologies in information security awareness for systematically identifying audience communication requirements. Problems with human behaviour in an information security context are assumed to be caused by a lack of facts available to the audience. Awareness, therefore, is largely treated as the broadcast of facts to an audience in the hope that behaviour improves. There is a tendency for technical experts in the field of information security to tell people what they think they ought to know (and may in fact already know). This “technocratic” view of risk communication is fundamentally flawed and has been strongly criticised by experts in safety risk communications as ineffective and inefficient.Practical implicationsThe paper shows how the approach to information security awareness can be improved using knowledge from the safety field.Originality/valueThe paper demonstrates how advanced concepts from safety science can be used to improve information security risk communications.

Full Text
Paper version not known

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Similar Papers

Paper Title
Journal
Date
Author
Enhancing Information Security Process in Organisations in Qatar
Aisha Khalid Al-Hamar
-
Aisha Khalid Al-HamarAisha Khalid Al-Hamar
01 Jan 2015
Impact of information security awareness on information security compliance of academic library staff in Türkiye
Ali Kavak
The Journal of Academic Librarianship | VOL. 50
Ali KavakAli Kavak
14 Aug 2024
Raising Information Security Awareness in the Field of Urban and Regional Planning
Margit Christa Scholl
-
Margit Christa SchollMargit Christa Scholl
01 Jan 2021
The Effects of Bank Employees’ Information Security Awareness on Performance of Information Security Governance
Shiann Ming Wu ... Dongqiang Guo
-
Shiann Ming Wu, et. al.Shiann Ming Wu ... Dongqiang Guo
01 Nov 2017
View more papers

More From: Information Management & Computer Security

Paper Title
Journal
Date
Author
Repairing trust in an e-commerce and security context: an agent-based modeling approach
Jae Choi ... Derek L. Nazareth
Information Management & Computer Security | VOL. 22
Jae Choi, et. al.Jae Choi ... Derek L. Nazareth
10 Nov 2014
Current challenges in information security risk management
Stefan Fenz ... Thomas Neubauer
Information Management & Computer Security | VOL. 22
Stefan Fenz, et. al.Stefan Fenz ... Thomas Neubauer
10 Nov 2014
Security culture and the employment relationship as drivers of employees’ security compliance
John D'Arcy ... Gwen Greene
Information Management & Computer Security | VOL. 22
John D'Arcy, et. al.John D'Arcy ... Gwen Greene
10 Nov 2014
Using response action with intelligent intrusion detection and prevention system against web application malware
Ammar Alazab ... Jemal Abawajy
Information Management & Computer Security | VOL. 22
Ammar Alazab, et. al.Ammar Alazab ... Jemal Abawajy
10 Nov 2014
View more papers

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.