An Integrative Model of Information Security Awareness for Assessing Information Systems Security Risk

The pervasiveness of IT in supporting critical operations has made organizations increasingly vulnerable to IT threats. Since the impact of malicious IT may be complex, researchers suggest a multi-perspective approach to better understanding malicious IT and threat avoidance behavior. Drawing upon concepts from system dynamics, cybernetic theory and Technological Threat Avoidance Theory (TTAT) we develop a research model that contributes to our understanding of information security awareness (ISA) and its association with IS security risk assessment. Using a sample base of 119 IS security practitioners, an ISA research model was developed and tested using structural equation modeling. Our results indicate that the constructs technical knowledge, organizational impact, and attacker assessment generate strong correlations with ISA. Interestingly, organizational impact and attacker assessment generated stronger associations with ISA than technical knowledge. Our results also indicate that ISA is highly correlated with ISS risk assessment.