{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,5]],"date-time":"2026-03-05T20:49:18Z","timestamp":1772743758787,"version":"3.50.1"},"reference-count":58,"publisher":"Informa UK Limited","issue":"5-6","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Information Security Journal: A Global Perspective"],"published-print":{"date-parts":[[2008,12,5]]},"DOI":"10.1080\/19393550802492487","type":"journal-article","created":{"date-parts":[[2008,12,5]],"date-time":"2008-12-05T02:43:24Z","timestamp":1228445004000},"page":"207-227","source":"Crossref","is-referenced-by-count":29,"title":["Investigating Information Security Awareness: Research and Practice Gaps"],"prefix":"10.1080","volume":"17","author":[{"given":"Aggeliki","family":"Tsohou","sequence":"first","affiliation":[{"name":"University of the Aegean","place":["Greece"]}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Spyros","family":"Kokolakis","sequence":"additional","affiliation":[{"name":"University of the Aegean","place":["Greece"]}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Maria","family":"Karyda","sequence":"additional","affiliation":[{"name":"University of the Aegean","place":["Greece"]}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Evangelos","family":"Kiountouzis","sequence":"additional","affiliation":[{"name":"Athens University of Economics and Business","place":["Greece"]}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"301","published-online":{"date-parts":[[2008,12,4]]},"reference":[{"key":"e_1_3_2_2_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2006.11.004"},{"key":"e_1_3_2_3_1","doi-asserted-by":"publisher","DOI":"10.1201\/1086\/43319.11.1.20020301\/36261.3"},{"issue":"4","key":"e_1_3_2_4_1","first-page":"57","article-title":"People\u2014often the weakest link in security, but one of the best places to start","volume":"6","author":"Bresz F.P.","year":"2004","unstructured":"Bresz , F.P. 2004 . People\u2014often the weakest link in security, but one of the best places to start . Journal of Health Care Compliance , 6 ( 4 ) : 57 \u2013 60 .","journal-title":"Journal of Health Care Compliance"},{"key":"e_1_3_2_5_1","volume-title":"Proceedings of the IFIP TC11 WG11.8 Fourth World Conference on Information Security Education (WISE4), May 2005, Moscow","author":"Casmir R.","year":"2005","unstructured":"Casmir , R. and Yngstrom , L. 2005 . \u201c Towards a dynamic and adaptive information security awareness approach \u201d . In Proceedings of the IFIP TC11 WG11.8 Fourth World Conference on Information Security Education (WISE4), May 2005, Moscow , Russia ."},{"issue":"1","key":"e_1_3_2_6_1","first-page":"1","article-title":"Mitigating information security risks by increasing user security awareness: A case study of an information security awareness system","volume":"24","author":"Chen C.C.","year":"2006","unstructured":"Chen , C.C. , Shaw , R.S. and Yang , S.C. 2006 . Mitigating information security risks by increasing user security awareness: A case study of an information security awareness system . Information Technology Learning and Performance Journal , 24 ( 1 ) : 1 \u2013 14 .","journal-title":"Information Technology Learning and Performance Journal"},{"key":"e_1_3_2_7_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2006.10.005"},{"issue":"2","key":"e_1_3_2_8_1","first-page":"11","article-title":"Raising information security awareness in the academic setting","volume":"31","author":"Cox A.","year":"2001","unstructured":"Cox , A. , Connolly , S. and Currall , J. 2001 . Raising information security awareness in the academic setting . The Journal of Information and Knowledge Management System , 31 ( 2 ) : 11 \u2013 16 .","journal-title":"The Journal of Information and Knowledge Management System"},{"key":"e_1_3_2_9_1","unstructured":"CSI. (2007). Computer crime and security survey 2007. Computer Security Institute http:\/\/i.cmpnet.com\/v2.gocsi.com\/pdf\/CSISurvey2007.pdf (Accessed: 28 May 2008 )."},{"key":"e_1_3_2_10_1","unstructured":"CSI\/FBI. (2006). Computer crime and security survey 2006. Computer Security Institute http:\/\/i.cmpnet.com\/gocsi\/db_area\/pdfs\/fbi\/FBI2006.pdf (Accessed: 28 May 2008 )."},{"key":"e_1_3_2_11_1","unstructured":"CSI\/FBI. (2005). Computer crime and security survey. 2006. Computer Security Institute http:\/\/i.cmpnet.com\/gocsi\/db_area\/pdfs\/fbi\/FBI2005.pdf (Accessed: 28 May 2008 )."},{"key":"e_1_3_2_12_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11213-007-9082-4"},{"key":"e_1_3_2_13_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2006.10.009"},{"key":"e_1_3_2_14_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2006.10.006"},{"key":"e_1_3_2_15_1","unstructured":"ENISA. (2006). A users' guide: How to raise information security awareness 2006. European Network and Information Security Agency http:\/\/www.enisa.europa.eu\/doc\/pdf\/deliverables\/enisa_a_users_guide_how_to_raise_IS_awareness.pdf (Accessed: 9 June 2008 )."},{"key":"e_1_3_2_16_1","unstructured":"Ernst & Young. (2005). Annual global information security survey 2005 www.vistorm.com\/uplds\/EY_Global_Information_Security_survey_20051.pdf (Accessed: 9 June 2008 )."},{"key":"e_1_3_2_17_1","unstructured":"Ernst & Young. (2006). Annual global information security survey 2006 http:\/\/www.ey.com\/Global\/download. nsf\/International\/TSRS_-_GISS_2006\/$file\/EY_GISS2006.pdf (Accessed: 9 June 2008 )."},{"key":"e_1_3_2_18_1","first-page":"15","article-title":"Security awareness: Switch to a better program","volume":"2","author":"Everett C.J.","year":"2006","unstructured":"Everett , C.J. 2006 . Security awareness: Switch to a better program . Network Security , 2 : 15 \u2013 18 .","journal-title":"Network Security"},{"key":"e_1_3_2_19_1","volume-title":"Series: Advances in Information Security","author":"Frye D.W.","year":"2007","unstructured":"Frye , D.W. 2007 . \u201c Network security policies and procedures \u201d . In Series: Advances in Information Security , New York: Springer-Verlag ."},{"key":"e_1_3_2_20_1","doi-asserted-by":"publisher","DOI":"10.1016\/S1353-4858(06)70451-2"},{"key":"e_1_3_2_21_1","doi-asserted-by":"publisher","DOI":"10.1108\/09576050210447037"},{"key":"e_1_3_2_22_1","doi-asserted-by":"crossref","first-page":"15","DOI":"10.1016\/S1361-3723(08)70068-X","article-title":"Getting the most from training sessions: the art of raising security awareness without curing insomnia","author":"Goucher W.","year":"2008","unstructured":"Goucher , W. 2008 . Getting the most from training sessions: the art of raising security awareness without curing insomnia . Computer Fraud & Security , : 15","journal-title":"Computer Fraud & Security"},{"key":"e_1_3_2_23_1","doi-asserted-by":"publisher","DOI":"10.1201\/1086\/43298.9.6.20010102\/30985.4"},{"key":"e_1_3_2_24_1","doi-asserted-by":"publisher","DOI":"10.1201\/1086\/43316.10.3.20010701\/31727.6"},{"key":"e_1_3_2_25_1","doi-asserted-by":"publisher","DOI":"10.1108\/09685220010372564"},{"key":"e_1_3_2_26_1","unstructured":"Information technology\u2014security techniques\u2014code of practice for information security management . ISO.IEC 17799: 2005: International Standards Association 2005 . 2005 . ISO\/IEC"},{"key":"e_1_3_2_27_1","doi-asserted-by":"publisher","DOI":"10.1016\/S1386-5056(00)00112-X"},{"key":"e_1_3_2_28_1","volume-title":"Research Colloquium","author":"Knapp K.J.","year":"2004","unstructured":"Knapp , K.J. , Marshall , T.E. , Rainer , R.K. and Morrow , D.W. 2004 . \u201c Top-ranked information security issues: The 2004 international information systems security certification consortium (ISC)2 survey results \u201d . In Research Colloquium , Auburn, Alabama : Auburn University ."},{"key":"e_1_3_2_29_1","unstructured":"Kritzinger E. (2006). An information security retrieval and awareness model for industry. Doctoral dissertation University of South Africa http:\/\/etd.unisa.ac.za\/ETD-db\/ETD-desc\/describe?urn=etd-11062006-094238 (Accessed: 6 October 2007 )."},{"key":"e_1_3_2_30_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2006.02.008"},{"key":"e_1_3_2_31_1","doi-asserted-by":"publisher","DOI":"10.1016\/S0167-4048(03)00007-5"},{"key":"e_1_3_2_32_1","first-page":"49","volume-title":"ISSE\/SECURE 2007 Securing Electronic Business Processes Highlights of the Information Security Solutions Europe\/SECURE 2007 Conference (part 1), Vieweg","author":"Maeyer D.D","unstructured":"Maeyer , D.D . . Setting up an effective information security awareness program . ISSE\/SECURE 2007 Securing Electronic Business Processes Highlights of the Information Security Solutions Europe\/SECURE 2007 Conference (part 1), Vieweg . pp. 49 \u2013 58 ."},{"key":"e_1_3_2_33_1","unstructured":"Mathisen J. (2004). Measuring information security awareness \u2013 A survey showing the Norwegian way to do it. Master Thesis NISlab Norwegian Information Security Laboratory campus IT university http:\/\/dsv.su.se\/en\/seclab\/pages\/msckththeses-en (Accessed: 6 October 2007 )."},{"key":"e_1_3_2_34_1","doi-asserted-by":"crossref","first-page":"346","DOI":"10.1145\/1027802.1027882","volume-title":"Proceedings of the 32nd Annual ACM SIGUCCS Conference on User Services","author":"McCoy C.","year":"2004","unstructured":"McCoy , C. and Fowler , R.T. 2004 . \u201c You are the key to security: Establishing a successful security awareness program \u201d . In Proceedings of the 32nd Annual ACM SIGUCCS Conference on User Services 346 \u2013 349 . Baltimore, MD"},{"key":"e_1_3_2_35_1","unstructured":"NIST. (2003). Building an information technology security awareness and training program. In M. Wilson (ed.) NIST Special Publication 800\u201350. Gaithersburg MD: National Institute of Standards and Technology http:\/\/csrc.nist.gov\/publications\/nistpubs\/ (Accessed: 6 October 2007 )."},{"key":"e_1_3_2_36_1","unstructured":"NIST. (1998). Information technology security training requirements: A role- and performance-based model. In M. Wilson (ed.) NIST Special Publication 800\u201316. Gaithersburg MD: National Institute of Standards and Technology http:\/\/csrc.nist.gov\/publications\/nistpubs\/ (Accessed: 6 October 2007 )."},{"key":"e_1_3_2_37_1","doi-asserted-by":"publisher","DOI":"10.1080\/10658980701747237"},{"key":"e_1_3_2_38_1","doi-asserted-by":"publisher","DOI":"10.1201\/1086\/45241.14.2.20050501\/88292.6"},{"key":"e_1_3_2_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2007.163"},{"key":"e_1_3_2_40_1","doi-asserted-by":"publisher","DOI":"10.1016\/S1361-3723(06)70355-4"},{"key":"e_1_3_2_41_1","unstructured":"Puhakainen P. (2006). A design theory for information security awareness. Doctoral Dissertation Department of information processing science University of Oulu http:\/\/herkules.oulu.fi\/isbn9514281144\/ (Accessed: 6 October 2007 )."},{"key":"e_1_3_2_42_1","unstructured":"PWHC. (2006). PricewaterhouseCoopers. Information security breaches survey - Technical report 2006 http:\/\/www.pwc.com\/Extweb\/pwcpublications.nsf\/docid\/F9843CD3C 8E0FB828025715A0058C63B (Accessed: 6 October 2007 )."},{"key":"e_1_3_2_43_1","first-page":"177","volume-title":"Individual's response to security messages: A decision-making perspective, decision support for global enterprises, In Series: Annals of Information Systems","author":"Qing T.","year":"2007","unstructured":"Qing , T. , Ng , B. and Kankanhalli , A. 2007 . Individual's response to security messages: A decision-making perspective, decision support for global enterprises, In Series: Annals of Information Systems , 177 \u2013 191 . . New York: Springer-Verlag ."},{"key":"e_1_3_2_44_1","volume-title":"Proceedings of ISSA 2003","author":"Schlienger T.","year":"2003","unstructured":"Schlienger , T. and Teufel , S. 2003 . \u201c Information security culture - from analysis to change \u201d . In Proceedings of ISSA 2003 , South Africa : Johannesburg ."},{"key":"e_1_3_2_45_1","unstructured":"Security Awareness Index Report. (2002). The state of security awareness among organizations worldwide. ITToolBox and Pentasafe 2002 http:\/\/security.ittoolbox.com\/pub\/AM101502a.pdf (Accessed: 9 June 2008 )."},{"key":"e_1_3_2_46_1","doi-asserted-by":"publisher","DOI":"10.1108\/09685220010371394"},{"key":"e_1_3_2_47_1","doi-asserted-by":"publisher","DOI":"10.1108\/09685229510792988"},{"key":"e_1_3_2_48_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2004.07.001"},{"key":"e_1_3_2_49_1","doi-asserted-by":"crossref","first-page":"193","DOI":"10.1007\/978-0-387-72367-9_17","volume-title":"New Approaches for Security, Privacy and Trust in Complex Environments","author":"Steyn T.","year":"2007","unstructured":"Steyn , T. , Kruger , H. and Drevin , L. 2007 . \u201c Identity Theft - Empirical evidence from a Phishing exercise. In: IFIP International Federation for Information Processing \u201d . In New Approaches for Security, Privacy and Trust in Complex Environments , Edited by: Venter , H. , Eloff , M. , Labuschagne , L. , Eloff , j and von Sohns , R. Vol. 232 , 193 \u2013 203 . Boston : Springer . 2007"},{"key":"e_1_3_2_50_1","volume-title":"Basics of Qualitative Research: Grounded Theory Procedures and Techniques","author":"Strauss L. A.","year":"1990","unstructured":"Strauss , L. A. and Corbin , J. 1990 . Basics of Qualitative Research: Grounded Theory Procedures and Techniques , Newbury Park, CA : Sage ."},{"key":"e_1_3_2_51_1","volume-title":"Proceedings of the IFIP TC11 WG11.3 First World Conference on Information Security Education (WISE1)","author":"Thomson M.","unstructured":"Thomson , M. . Making information security awareness and training more effective . Proceedings of the IFIP TC11 WG11.3 First World Conference on Information Security Education (WISE1) . Kista, Sweden. 1999"},{"key":"e_1_3_2_52_1","doi-asserted-by":"publisher","DOI":"10.1108\/09685229810227649"},{"key":"e_1_3_2_53_1","doi-asserted-by":"publisher","DOI":"10.1016\/S1361-3723(06)70370-0"},{"key":"e_1_3_2_54_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2006.119"},{"key":"e_1_3_2_55_1","doi-asserted-by":"publisher","DOI":"10.1016\/S0167-4048(00)07021-8"},{"key":"e_1_3_2_56_1","volume-title":"Proceedings of the IFIP TC11 17th International Conference on Information Security: Visions and Perspectives, 2002","author":"Vroom C.","unstructured":"Vroom , C. and von Solms , R. . A Practical Approach to Information Security Awareness in the Organization . Proceedings of the IFIP TC11 17th International Conference on Information Security: Visions and Perspectives, 2002 ."},{"key":"e_1_3_2_57_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2004.01.012"},{"key":"e_1_3_2_58_1","doi-asserted-by":"publisher","DOI":"10.1016\/0142-0496(95)80197-9"},{"key":"e_1_3_2_59_1","volume-title":"Proceedings of the IFIP TC11 WG11.8 First World Conference on Information Security Education (WISE1)","author":"Yngstr\u00f6m L.","unstructured":"Yngstr\u00f6m , L. and Bj\u00f6rck , F. . The Value and Assessment of Information Security Education and Training . Proceedings of the IFIP TC11 WG11.8 First World Conference on Information Security Education (WISE1) . Stockholm. 1999"}],"container-title":["Information Security Journal: A Global Perspective"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.tandfonline.com\/doi\/pdf\/10.1080\/19393550802492487","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,2,6]],"date-time":"2026-02-06T19:38:06Z","timestamp":1770406686000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.tandfonline.com\/doi\/full\/10.1080\/19393550802492487"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2008,12,4]]},"references-count":58,"journal-issue":{"issue":"5-6","published-print":{"date-parts":[[2008,12,5]]}},"alternative-id":["10.1080\/19393550802492487"],"URL":"https:\/\/doi.org\/10.1080\/19393550802492487","relation":{},"ISSN":["1939-3555","1939-3547"],"issn-type":[{"value":"1939-3555","type":"print"},{"value":"1939-3547","type":"electronic"}],"subject":[],"published":{"date-parts":[[2008,12,4]]}}}