Process‐variance models in information security awareness research
Abstract
Purpose
The purpose of this paper is to study the way information systems (IS) security researchers approach information security awareness and examine whether these approaches are consistent with the organization theory and IS approaches for the study of organizational processes.
Design/methodology/approach
Open coding analysis was performed on selected publications (articles, surveys, standards, and reports). The chosen publications were classified and the classification results are presented, based on a proposed typology.
Findings
The proposed typology allows us to identify different types of research models followed by security researchers and practitioners, and to infer a set of practical implications, for the benefit of those interested in empirically studying information security awareness.
Research limitations/implications
The paper represents a pilot survey, performed in a selected number of publications.
Practical implications
The paper helps researchers and practitioners to distinguish the research models that can be adopted for the study of information security awareness organizational process, by identifying the key dimensions along which they differ.
Originality/value
The proposed typology provides a guide to identify the range of options available to researchers and practitioners when they design their work regarding the security awareness topic. Moreover, it can facilitate the communication between scholars in the field of security awareness.
Keywords
Citation
Tsohou, A., Kokolakis, S., Karyda, M. and Kiountouzis, E. (2008), "Process‐variance models in information security awareness research", Information Management & Computer Security, Vol. 16 No. 3, pp. 271-287. https://doi.org/10.1108/09685220810893216
Publisher
:Emerald Group Publishing Limited
Copyright © 2008, Emerald Group Publishing Limited