Transmission, Evaluation, Culture – Internal Communications as a Catalyst for Information Security Awareness
摘要
Employees play an important role in an organisation’s information security concept. Information Security Awareness (ISA) programmes aim to foster secure behaviour among employees, but the people in charge often lack the needed skills in psychology or communications. ISA can therefore benefit from collaborating with internal non-technical departments. In this paper the collaboration between Internal Communications (IC) and ISA is studied. Since no prior research is done so far, a qualitative approach has been chosen to gain an initial insight. Experts from both fields from six European organisations have been interviewed. The results show transmission, evaluation and culture as supporting areas, with a lot of support already happening in transmission but less in the latter two. To describe maturity, three levels are proposed: Static Exchange, Joint Planning and Shared Responsibility; with most participants being placed in Joint Planning. The development of this collaboration proofed beneficial for both areas. Future potential for research lies in a more detailed collaboration model for ISA with internal departments and the analysis of ISA topics as part of IC.