Recent years have seen an increased recognition of the need to assign security responsibilities. This is particularly evident at the management level, with the growth of security executive roles (eg, CISO, CSO). While this can certainly be considered to represent progress, there has perhaps been less attention to where, or more specifically to whom, security responsibilities should be assigned.
| Construct | Cites | Category | Questions given? | Content validity | Pretests | Response type | Notes |
|---|---|---|---|---|---|---|---|
| Security assessment | NEW | yes | none | none | no |
Trevor Gabriel and Steven Furnell. Selecting security champions. Computer Fraud & Security, 2011(8):8–12, August 2011. doi:10.1016/S1361-3723(11)70082-3.
@article{gabriel_selecting_2011,
abstract = {It takes a certain type of person to properly promote and manage security issues. But can we identify specific links between security behaviours and personality types?
Trevor Gabriel and Steven Furnell of the University of Plymouth carried out a research study to find out. Experimental findings suggest that the personality facets of imagination and immoderation emerge as the strongest indicators, and so may provide a foundation for using personality tests as a contributor towards selecting the most appropriate staff to act as security champions.
Recent years have seen an increased recognition of the need to assign security responsibilities. This is particularly evident at the management level, with the growth of security executive roles (eg, CISO, CSO). For instance, it has been reported that by 2009 approximately 85\% of large organisations had such an executive in place, compared to 56\% in 2008 and just 43\% in 2006.1 While this can certainly be considered to represent progress, there has perhaps been less attention to where, or more specifically to whom, security responsibilities should be assigned.},
author = {Gabriel, Trevor and Furnell, Steven},
doi = {10.1016/S1361-3723(11)70082-3},
issn = {1361-3723},
journal = {Computer Fraud \& Security},
month = {August},
number = {8},
pages = {8-12},
title = {Selecting Security Champions},
volume = {2011},
year = {2011}
}