Specifying IT Security Awareness

Abstract

IT users are faced with various threats on a daily basis. Unfortunately, not all possible dangers are known to them, such that the users fall an easy victim to attacks. For this reason, IT specialists demand for higher IT security awareness. Although researchers and practitioners exercise ongoing efforts in this area, their work often lacks a concise definition of the term "security awareness". Since there is no agreement on the term, different (and sometimes not compatible) ways of raising and measuring security awareness exist. This paper is an effort to give an overview of this phenomenon and to show that awareness in IT security is not standardized yet.