Security Awareness als institutionelles Anliegen: Voraussetzungen, Herausforderungen und Gestaltungsräume für NRW-Hochschulen
摘要
Recent ransomware incidents at higher education institutions in Germany illustrate how the ongoing digitalization of research, teaching, and administration increases vulnerability and makes security awareness a strategic management task. This article explains awareness at the intersection of openness, resilience, and digital sovereignty. Theoretically, behavioral and learning psychology models (including Self-Determination Theory and the Theory of Planned Behavior) are linked with organizational perspectives on governance, culture, and communication. Emphasis is placed on e‑learning as a key element.
Based on this, theory-based assumptions were derived and methodologically validated through semi-structured expert interviews with information security officers and IT managers from several higher education institutions. The findings consolidate current practical experiences, among them the freely available offer SecAware.nrw, and identify three core problems: limited human and financial resources, unclear responsibilities and governance, and a highly heterogeneous target group.
The paper derives practical recommendations for higher education and concludes with a research agenda that outlines user perspectives and takes greater account of motivation-related psychological mechanisms in the design of e‑learning measures. This allows e‑learning-based measures to be further developed in line with the target group and a sustainable safety culture to be established in higher education.