Date of Conferral
Doctor of Information Technology (D.I.T.)
Information Systems and Technology
Humans are the weakest link in any information security (IS) environment. Research has shown that humans account for more than half of all security incidents in organizations. The purpose of this qualitative case study was to explore the strategies IS managers use to provide training and awareness programs that improve compliance with organizational security policies and reduce the number of security incidents. The population for this study was IS security managers from 2 organizations in Western New York. Information theory and institutional isomorphism were the conceptual frameworks for this study. Data collection was performed using face-to-face interviews with IS managers (n = 3) as well as secondary data analysis of documented IS policies and procedures (n = 28). Analysis and coding of the interview data was performed using a qualitative analysis tool called NVivo, that helped identify the primary themes. Developing IS policy, building a strong security culture, and establishing and maintaining a consistent, relevant, and role-based security awareness and training program were a few of the main themes that emerged from analysis. The findings from this study may drive social change by providing IS managers additional information on developing IS policy, building an IS culture and developing role-specific training and awareness programs. Improved IS practices may contribute to social change by reducing IS risk within organizations as well as reducing personal IS risk with improved IS habits.