Lund University Publications

Leadership and the Psychology of Awareness: Three Theoretical Approaches to Information Security Management

• Mark

Holmberg, Robert ^LU and Sundström, Mikael ^LU

Abstract

The authors argue that Information Security Management (ISM) would benefit from studies that examine the social and psychological mechanisms that, when in evidence, generate employee aware¬ness of information security (IS) related issues. Properly instilled, IS awareness has the power to en¬gender a proactive wariness beyond mechanical guidelines, however detailed. To study how awareness travels in com¬plex organisations the authors devise a framework to catch mecha¬nisms grounded in psychological and sociological theories. To illustrate the framework, the authors then turn to an empirical study of a medium-sized company where they sound managers for definitions of IS and ISM; for initiatives intended to influence IS and IS awareness among... (More)

The authors argue that Information Security Management (ISM) would benefit from studies that examine the social and psychological mechanisms that, when in evidence, generate employee aware¬ness of information security (IS) related issues. Properly instilled, IS awareness has the power to en¬gender a proactive wariness beyond mechanical guidelines, however detailed. To study how awareness travels in com¬plex organisations the authors devise a framework to catch mecha¬nisms grounded in psychological and sociological theories. To illustrate the framework, the authors then turn to an empirical study of a medium-sized company where they sound managers for definitions of IS and ISM; for initiatives intended to influence IS and IS awareness among em¬ployees; and for their views on learning related to IS and ISM. The study highlights the difficulties facing mana¬gers charged with IS matters, whose responsibilities are often considered peripheral by the general em¬ployee. It also provides several pointers how to go about the complex business of aware¬ness-building. (Less)