Browse > Article
http://dx.doi.org/10.14400/JDC.2014.12.2.27

Why Security Awareness Education is not Effective?  

Yim, Myung-Seong (Dept. of Business Administration, Sahmyook University)
Publication Information
Journal of Digital Convergence / v.12, no.2, 2014 , pp. 27-37 More about this Journal
Abstract
While organizations are making a considerable effort to leverage formal and informal control mechanisms (e.g., policies, procedures, organizational culture) to improve security, their impact and effectiveness is under scrutiny as employees seldom comply with information security procedures. The best way to ensure the viability of a security policy is to make sure users understand it and accept necessary precautions. From an organization's perspective, a lack of security knowledge and awareness on the part of employees is a major problem. However, previous studies suggest that effect of security awareness education is inconsistent. Thus, this study is to find the answer why security awareness education is not effective. Conclusions and implications are discussed.
Keywords
Security Awareness Education; Information Security; Security Countermeasures;
Citations & Related Records
연도 인용수 순위
  • Reference
1 Bagozzi, R. P., Yi, Y., and Phillips, L. W., Assessing Construct Validity in Organizational Research, Administrative Science Quarterly, vol. 36, pp. 421-458, 1991.   DOI   ScienceOn
2 Bandura, A., Social Foundations of Thought and Action: A Social Cognitive Theory, Prentice hall, Englewood Cliffs, NJ., 1986.
3 Barclay, D. W., Higgins, C. A., and Thompson, R., The Partial Least Squares Approach to Causal Modeling: Personal Computer Adoption and Use as Illustration, Technology Studies, vol. 2, no. 2, pp. 285-309, 1995.
4 Chen, C. C., Shaw, R. S., and Yang, S. C., Mitigating Information Security Awareness: A Case Study of an Information Security Awareness System, Information Technology, Learning, and Performance Journal, vol. 24, no. 1, pp. 1-14, 2006.
5 Chin, W. W., The Partial Least Squares Approach to Structural Equation Modeling. In G. A. Marcoulides (Ed.), Modern Methods for Business Research. Mahwah, New Jersey: Lawrence Erlbaum Associates, pp. 295-336, 1998.
6 Craighead, C. W., Ketchen, D. J., Dunn, K. S., and Hult, T. M., Addressing Common Method Variance: Guidelines for Survey Research on Information Technology, Operations, and Supply Chain Management, IEEE Transactions on Engineering Management, vol. 58, no. 3, pp. 578-588, 2011.   DOI   ScienceOn
7 Fornell, C., and Larcker, D. F., Evaluating Structural Equation Models with Unobservable and Measurement Error, Journal of Marketing Research, vol. 18, pp. 39-50, 1981.   DOI   ScienceOn
8 D'Arcy, J., and Herath, T., A Review and Analysis of Deterrence Theory in the IS Security Literature: Making Sense of the Disparate Findings, European Journal of Information Systems, vol. 20, pp. 643-658, 2011.   DOI   ScienceOn
9 Kruger, H. A., and Kearney, W. D., A Prototype for Assessing Information Security Awareness, Computers & Security, vol. 25, pp. 289-296, 2006.   DOI   ScienceOn
10 Lindell, M. K., and Whitney, D. J., Accounting for Common Method Variance in Cross-Sectional Research Designs, Journal of Applied Psychology, vol. 86, no. 1, pp. 114-121, 2001.   DOI   ScienceOn
11 Podsakoff, P. M., MacKenzie, S. B., Lee, J. Y., and Podsakoff, N. P., Common Method Biases in Behavioral Research: A Critical Review of the Literature and Recommended Remedies, Journal of Applied Psychology, vol. 88, no. 5, pp. 879-903, 2003.   DOI   ScienceOn
12 Nunnally, J. C., and Bernstein, I. H., Psychometric Theory, 3rd eds. McGraw-Hill Inc., New York, 1994.
13 Pavlou, P., Liang, H., and Xue, Y., Understanding and Mitigating Uncertainty in Online Exchange Relationships: A Principal-Agent Perspective, MIS Quarterly, vol. 31, no. 1, pp. 105-136, 2007.   DOI
14 Puhakainen, P., and Siponen, M., Improving Employees' Compliance through Information Systems Security Training: An Action Research Study, MIS Quarterly, vol. 34, no. 4, pp. 757-778, 2010.   DOI
15 Ringle, C. M., Wende, S., and Will, A., SmartPLS 2.0 (beta), Hamburg, Germany, 2005.
16 Siponen, M., Vance, A., and Willison, R., New Insights into the Problem of Software Piracy: The Effects of Neutralization, Shame, and Moral Beliefs, Information & Management, vol. 49, pp. 334-341, 2012.   DOI   ScienceOn
17 Slater, S. F., and Atuahene-Gima, K., Conducting Survey Research in Strategic Management, vol. 1, Emerald Group Publishing Ltd., pp. 227-249, 2004.
18 Gefen, D., and Straub, D., A Practical Guide to Factorial Validity Using PLS-Graph: Tutorial and Annotated Example, Communications of the Association for Information Systems, vol. 16, pp. 91-109, 2005.
19 D'Arcy, J., Hovav, A., and Galletta, D., User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence Approach, Information Systems Research, vol. 20, no. 1, pp. 79-98, 2009.   DOI   ScienceOn
20 D'Arcy, J., and Hovav, A., Deterring Internal Information Systems Misuse, Communications of the ACM, vol. 50, no. 10, pp. 113-144, 2007.
21 Hair, J. F., Black, W. C., Babin, B. J., Anderson, R. E., Tatham, R. L., Multivariate Data Analysis, 6th eds., Pearson Education, Inc., Upper Saddle River, New Jersey, 2006.
22 Hair, J. F., Sarstedt, M., Ringle, C. M., and Mena, J. A., An Assessment of the Use of Partial Least Squares Structural Equation Modeling in Marketing Research, Journal of the Academy of Marketing Science, vol. 40, pp. 414-433, 2012.   DOI
23 Hansmann, K., and Ringle, C. M., SmartPLS Manual, Universitat Hamburg, 2004.
24 Henseler, J., Ringle, C. M., and Sinkovics, R. R., The Use of Partial Least Squares Path Modeling in International Marketing, Advances in International Marketing, vol. 20, pp. 277-319, 2009.
25 Hulland, J., Use of Partial Least Squares (PLS) in Strategic Management Research: A Review of Four Recent Studies, Strategic Management Journal, vol. 20, pp. 195-204, 1999.   DOI
26 Kankanhalli, A., Teo, H. H., Tan, B. C. Y., and Wei, K. K., An Integrative Study of Information Systems Security Effectiveness, International Journal of Information Management, vol. 23, pp. 139-154, 2003.   DOI   ScienceOn
27 Tsohou, A., Kokolakis, S., Karyda, M., and Kiountouzis, E., Investigating Information Security Awareness: Research and Practice Gaps, Information Security Journal: A Global Perspective, vol. 17, pp. 207-227, 2008a.   DOI
28 Sosik, J. J., Kahai, S. S., and Piovoso, M. J., Silver Bullet or Voodoo Statistics? A Primer for Using the Partial Least Squares Data Analytic Technique in Group and Organization research, Group and Organization Management, vol. 34, no. 1, pp. 5-36, 2009.   DOI
29 Straub, D. W., and Welke, R. J., Coping with Systems Risk: Security Planning Models for Management Decision-Making, MIS Quarterly, vol. 22, no. 4, pp. 441-469, 1998.   DOI   ScienceOn
30 Tenenhaus, M., Vinzi, V. E., Chaterlin, Y. M., and Lauro, C., PLS Path Modeling, Computational Statistics & Data Analysis, vol. 48, no. 1, pp. 159-205, 2005.   DOI   ScienceOn
31 Tsohou, A., Kokolakis, S., Karyda, M., and Kiountouzis, E., Process-variance Models in Information Security Awareness Research, Information Management & Computer Security, vol. 16, no. 3, pp. 271-287, 2008b.   DOI   ScienceOn
32 Wetzels, M., Odekerken-Schröder, G., and van Oppen, C., Using PLS Path Modeling for Assessing Hierarchical Construct Models: Guidelines and Empirical Illustration, MIS Quarterly, vol. 33, no. 1, pp. 177-195, 2009.   DOI
33 Malhotra, N. K., Kim, S. S., and Patil, A., Common Method Variance in IS Research: A Comparison of Alternative Approaches and a Reanalysis of Past Research, Management Science, vol. 52, no. 12, pp. 1865-1883, 2006.   DOI   ScienceOn