**Acknowledgements**

• predefined regulations have to be lived, and this requires a cultural change in the

Moreover, the author can enrich the current report results of [80] with her own experience

Note: No digitization without IS; no IS without continuously increasing ISA and user-cen-

Introduce ISMS for the institution. Create a position for the IS and introduce security officers.

Big institutions may consider whether a Chief Digital Officer makes sense nowadays. Undoubtedly, all institutions today need IS officers plus a data protection officer and an emer-

The knowledge assets of an institution and the value of IS are crucial factors in the success of the digital transformation. The use of digital technologies requires new skills from the employees and creates new job profiles. Such new job profiles should include awareness,

Businesses should clearly distinguish between the digital strategy for business processes and business models, because the transformation processes have different results to the goal and require different approaches. Public administrations should think about new processes too,

According to [81], the six major digital trends (mobility, big data, social media, cloud computing, artificial intelligence, and robotics) primarily affect six areas in companies (business models, products and services, customer segments, channels, business processes, and workplaces). The IS challenges will not diminish; attacks will become more diverse. Institutions must make efforts to educate all employees not only in the work environment but also as a means to safeguard their private lives and thus society. Game-based learning (GBL) is especially effective as a means to stimulate motivation and change behavior and should be explicitly used for raising awareness. ISATs should combine GBL plus PBL plus AL in line with real-life situations [51]. Because of complex nonlinear relations between knowledge of IS, attitudes, and the secure behavior of human beings in day-to-day organizational work and in their private lives, further scientific explorations of ISA and ISAT are needed in future. This further research work can be carried out very well at the TUAS Wildau in a research and teaching unit with practical relevance, since here studies for nontechnical public administration have been offered for years, and in winter semester 2018/19 the degree program in administrative

gency officer—and they should think carefully about an awareness officer too.

and findings for future activities in public administrations as well as in companies:

organizations.

48 Public Management and Administration

tered ISAT.

1. Strategically anchor digitization

2. Create organizational units

3. Define responsibilities

4. Build up digital literacy

5. Distinguish business processes and models

combined, however, with IS and ISA.

computer science will be launched.

particularly ISA.

I would like to thank my interdisciplinary research and development team for their reliable and creative cooperation in the field of information security awareness. I thank Frauke Fuhrmann, Denis Edich, Ernst-Peter Ehrlich, Kai-Benjamin Leiner, Lars Robin Scholl, and Peter Koppatz for the successful completion of our "SecAware4job" project funded by the Horst Görtz Foundation (HGS). I would like to thank Dr. Horst Görtz and the HGS for financial support of the "SecAware4job" project and for publication of this book chapter. Moreover, I thank our project partner Dietmar Pokoyski and his company known\_sense in Cologne for their cooperation—he is also the sole distribution partner for all of our gamebased learning scenarios.
