The information security culture was assessed by means of a quantitative staff survey one year after a large-scale awareness campaign. The goal of the assessment was to get an initial status quo measurement and also to measure the reception of the previous awareness campaign.


The information security management mostly disregards the human dimension. The main focus is on technical and procedural measures. The user is seen as a security enemy, not as a security asset. In our paper we identify some problems, that emerge from this sight […]