 From compliance to impact: Tracing the transformation of an organisational security awareness programmeJulie Haney and
Wayne Lutters
Cyber Security: A Peer-Reviewed Journal, 2024, vol. 8, issue 2, 110-130 Abstract: There is a growing recognition of the need for a transformation from organisational security awareness programmes focused on compliance, measured by training completion rates, to those resulting in behaviour change. Few researchers or practitioners, however, have begun to unpack the organisational practices of the security awareness teams tasked with executing programme transformation. The authors of this paper conducted a year-long case study of a security awareness programme in a US government agency, collecting data via observations, interviews and documents. Their findings reveal the challenges and practices involved in the progression of a security awareness programme from being compliance-focused to emphasising impact on workforce attitudes and behaviours. The authors capture transformational organisational security awareness practices in action from multiple workforce perspectives. The study insights can serve as a resource for other security awareness programmes and workforce development initiatives aimed at better defining the security awareness work role. Keywords: cyber security; awareness; training; compliance; measures; case study (search for similar items in EconPapers) Downloads: (external link) Related works: Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text Persistent link: https://EconPapers.repec.org/RePEc:aza:csj000:y:2024:v:8:i:2:p:110-130 Access Statistics for this article More articles in Cyber Security: A Peer-Reviewed Journal from Henry Stewart Publications |
Is your work missing from RePEc? Here is how to contribute.
Questions or problems? Check the EconPapers FAQ or send mail to .
EconPapers is hosted by the
School of Business at Örebro University.