Konferenzbeitrag
Why should they care? Conceptualizing the challenges of information security training
Lade...
Volltext URI
Dokumententyp
Text/Conference Paper
Zusatzinformation
Datum
2021
Autor:innen
Zeitschriftentitel
ISSN der Zeitschrift
Bandtitel
Quelle
Verlag
Gesellschaft für Informatik e.V.
Zusammenfassung
Most organizations rely on individuals without or with little security knowledge to participate in information security tasks. Intending to enable them, information security trainings are usually used. But their effectiveness is debatable. In this contribution we combine descriptive analysis with the social systems theory and current literature on organizational learning and change management to conceptualize the challenges of information security training. We find that the challenges of security training are rooted within a basic dilemma of security: its value-promise (addressing of risks) is not suitable for communication within an organization. These findings are part of an ongoing research project on trainings for IoT security.