Wie erzeugt man Aufmerksamkeit für Cyber-Security-Themen? Welche DOs und DONTs gibt es bei der Cyber Security Awareness?
Allgemeines
Scott W. Ambler: Lean development governance
ZSK: Punk aus Berlin
Anschnallpflicht in Deutschland
ENISA Threat Landscape 2025
CrowdStrike: 2025 Global Threat Report: Latest Cybersecurity Trends & Insights. CrowdStrike, Austin, TX (2025)Kultur in Organisationen
Edgar H. Schein (1985) Organizational Culture and Leadership, San Francisco
Huang, K., Pearlson, K.: Building a Model of Organizational Cybersecurity Culture: Identifying Factors Contributing to a Cyber-secure Workplace. 2019 Survey Results. MIT Sloan (2019)
Da Veiga, A., Astakhova, L., Botha, A., Herselman, M.: Defining organizational information security culture–Perspectives from academia and industry. In: Computers & Security 92, 101713 (2020)
Edmondson, A.: Psychological safety and learning behavior in work teams. Administrative Science Quarterly 44(2), 350–383 (1999)
Ahola, K., Butavicius, M., McCormac, A., Sturman, D.: Hey “CSIRI”, should I report this? Investigating the factors that influence employees to report cyber security incidents in the workplace. Information and Computer Security 33(2), 242–266 (2025)
Beautement, A., Sasse, M.A., Wonham, M.: The compliance budget: managing security behavior in organizations. In: Proceedings of the 2008 New Security Paradigms Workshop, pp. 47–58. ACM, New York (2008)Psychologische Aspekte
>Borgert, N., Jansen, L., Böse, I., Friedauer, J., Sasse, M.A., Elson, M.: Self-efficacy and security behavior: results from a systematic review of research methods. In: Proceedings of CHI 2024. ACM, New York (2024).
Bulgurcu, B., Cavusoglu, H., Benbasat, I.: Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness. MIS Quarterly 34(3), 523–548 (2010)
Herley, C.: So long, and no thanks for the externalities: the rational rejection of security advice by users. In: Proceedings of the 2009 New Security Paradigms Workshop, pp. 133–144. ACM, New York (2009)
Parsons, K., McCormac, A., Butavicius, M., Pattinson, M., Jerram, C.: Determining employee awareness using the Human Aspects of Information Security Questionnaire (HAIS-Q). Computers and Security 42, 165–176 (2014)How to make teenagers smoke
How to get 7th graders to smoke
Petrosino, Anthony, Carolyn Turpin-Petrosino, Meghan E. Hollis-Peel, and Julia G. Lavenberg. “Scared Straight and Other Juvenile Awareness Programs for Preventing Juvenile Delinquency: A Systematic Review.” Campbell Systematic Reviews 9, no. 1 (2013): 1–55.
Hansen, William B., C. Anderson Johnson, Brian R. Flay, John W. Graham, and Judith Sobel. “Affective and Social Influences Approaches to the Prevention of Multiple Substance Abuse among Seventh Grade Students: Results from Project SMART.” Preventive Medicine 17, no. 2 (1988): 135–54. Phishing
Volkamer, M., Sasse, M. A., Boehm, F.: Phishing-Kampagnen zur Mitarbeiter-Awareness: Analyse aus verschiedenen Blickwinkeln: Security, Recht und Faktor Mensch. Karlsruher Institut fuer Technologie (KIT), Karlsruhe (2020)
Kumaraguru, P., Cranshaw, J., Acquisti, A., Cranor, L.F., Hong, J., Blair, M.A., Pham, T.: School of phish: a real-world evaluation of anti-phishing training. In: Proceedings of SOUPS 2009, Article 3. ACM, New York (2009)
Kumaraguru, P., Rhee, Y., Acquisti, A., Cranor, L.F., Hong, J., Nunge, E.: Protecting people from phishing: the design and evaluation of an embedded training email system. In: Proceedings of CHI 2007, pp. 905–914. ACM, New York (2007)Awareness Kampagnen
Bada, M., Sasse, A.M., Nurse, J.R.C.: Cyber security awareness campaigns: why do they fail to change behavior? In: Proceedings of the International Conference on Cyber Security for Sustainable Society, pp. 118–131. Coventry, UK (2015)
Arif, M., Badila, M., Warden, J. M., Ur Rehman, A: A Study of Human Factors toward Compliance with Organization’s Information Security Policy. In: Information Security Journal: A Global Perspective 34 (3), 235–250 (2025)
Hu, S., Hsu, C., Zhou, Z.: Security Education, Training, and Awareness Programs: Literature Review. In: Journal of Computer Information Systems 62(4), 752–764 (2022)
Sasse, M. A., Hielscher, J., Friedauer, J., Buckmann, A.: Rebooting IT Security Awareness – How Organisations Can Encourage and Sustain Secure Behaviours. In: Katsikas et al. (eds.) Computer Security. ESORICS 2022 International Workshops, pp. 248–265 (2023)
Avrahami, Z., Zwilling, M.: The impact of cyber threat intelligence on employee behavior and skills and the implications for organizational cyber resilience. In: International Journal of Information Security 24, 184 (2025).
