Article: Security Awareness Management – implementing security in business processes by management education Journal: International Journal of Information and Operations Management Education (IJIOME) 2007 Vol.2 No.2 pp.117 - 130 Abstract: The implementation of secure business processes has become a vital necessity for companies, nowadays. Security issues have been especially covered with regard to IT-security. Comprehensive technical means are available, promising to guarantee security. Actual studies show that despite of implementing these technical solutions, security threats are still evolving when performing business processes in everyday work life. Human interactions in information systems count up for most of these threats. In order to raise security awareness of employees, management education can have a significant contribution. In this paper, we develop a general model for the implementation of security by means of management education based on findings in the field of IT-security management. These findings are based on behavioural science and used to develop a process model for controlling security awareness with an educational approach. To evaluate the model, we present a case study by applying the model in practice. By means of that, we finally derive conclusions and lessons learned from a management perspective as well as from a researcher|s point of view. Inderscience Publishers - linking academia, business and industry through research

Title: Security Awareness Management – implementing security in business processes by management education

Authors: J. Vom Brocke, C. Buddendick

Addresses: HILTI Chair of Information Systems and Business Process Management, Liechtenstein University, Furst-Franz-Josef-Strasse, FL-9490 Vaduz, Principality of Liechtenstein. ' European Research Center for Information Systems (ERCIS), University of Munster, Leonardo-Campus 3, 48149 Munster, Germany

Abstract: The implementation of secure business processes has become a vital necessity for companies, nowadays. Security issues have been especially covered with regard to IT-security. Comprehensive technical means are available, promising to guarantee security. Actual studies show that despite of implementing these technical solutions, security threats are still evolving when performing business processes in everyday work life. Human interactions in information systems count up for most of these threats. In order to raise security awareness of employees, management education can have a significant contribution. In this paper, we develop a general model for the implementation of security by means of management education based on findings in the field of IT-security management. These findings are based on behavioural science and used to develop a process model for controlling security awareness with an educational approach. To evaluate the model, we present a case study by applying the model in practice. By means of that, we finally derive conclusions and lessons learned from a management perspective as well as from a researcher|s point of view.

Keywords: channel management; IT security; security awareness mangement; security management; security policies; information technology; information systems; management education; behavioural science.

DOI: 10.1504/IJIOME.2007.015278

International Journal of Information and Operations Management Education, 2007 Vol.2 No.2, pp.117 - 130

Published online: 01 Oct 2007 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article

Title: Security Awareness Management – implementing security in business processes by management education

Keep up-to-date