Security Awareness Management: Implementing Security in Business Processes by Management Education

vom Brocke J; Buddendick C

Abstract
The implementation of secure business processes has become a vital necessity for companies, nowadays. Security issues have been especially covered with regard to IT-security. Comprehensive technical means are available, promising to guarantee security. Actual studies show that despite of implementing these technical solutions, security threats are still evolving when performing business processes in everyday work life. Human interactions in information systems count up for most of these threats. In order to raise security awareness of employees, management education can have a significant contribution. In this paper, we develop a general model for the implementation of security by means of management education based on findings in the field of IT-security management. These findings are based on behavioural science and used to develop a process model for controlling security awareness with an educational approach. To evaluate the model, we present a case study by applying the model in practice. By means of that, we finally derive conclusions and lessons learned from a management perspective as well as from a researcher's point of view.

Keywords
Security Awareness Management