Security awareness management - Foundations and implementation of security awareness

IT security is highly important for companies. The subject of IT security management is the development of techniques ensuring the security of information systems. Actual surveys show that human actions are the predominant reason for operational disturbances. With regard to this fact, IT security management has to be extended by specific elements that focus on human behaviour. In this article a security awareness management (SAM) is, therefore, presented. In order to gain insight about this new field of security management, first theoretical foundations of behavioural science are analysed with respect to its use for SAM. These findings serve as a basis for the derivation of requirements for the implementation of SAM in practice. In order to prove the concept, results of its application in an empirical project are presented. Finally, the lessons learned of this approach are summarised and perspectives for further research are highlighted.