Thangavelu, M., Krishnaswamy, V., & Sharma, M. (2021). Impact of Comprehensive Information Security Awareness and Cognitive Characteristics on Security Incident Management–An empirical study. Computers & Security, https://doi.org/10.1016/j.cose.2021.102401.

Abstract:

Organizations deploy a team of dedicated security professionals and spend significant resources safeguarding their digital assets. Despite best efforts, security incidents are on the rise and remain a key challenge. The literature has focused inadequately on the lack of professionals’ awareness of security, system, or situational aspects. Extant literature on the impact of awareness on threat management tasks is disjointed and does not adequately consider the metacognitive awareness and self-efficacy of security professionals. To this effect, we propose and empirically validate a model to study the relationship between security, system, situational awareness, and security professionals’ ability to detect, assess, and mitigate threats. We also investigate the effects of metacognitive awareness and self-efficacy on the relationship between awareness and threat management tasks. We validate the model using a survey of 100 information security professionals. Results indicate a significant relationship between awareness, metacognitive awareness, self-efficacy, and threat management task performance. The analysis also demonstrates that metacognitive awareness and self-efficacy mediated the impact of awareness on threat management task performance. We discuss the effects and implications of this study for practice and research.


URL: https://doi.org/10.1016/j.cose.2021.102401