Organizations deploy a team of dedicated security professionals and spend significant resources safeguarding their digital assets. Despite best efforts, security incidents are on the rise and remain a key challenge. The literature has focused inadequately on the lack of professionals’ awareness of security, system, or situational aspects. Extant literature on the impact of awareness on threat management tasks is disjointed and does not adequately consider the metacognitive awareness and self-efficacy of security professionals. To this effect, we propose and empirically validate a model to study the relationship between security, system, situational awareness, and security professionals’ ability to detect, assess, and mitigate threats. We also investigate the effects of metacognitive awareness and self-efficacy on the relationship between awareness and threat management tasks. We validate the model using a survey of 100 information security professionals. Results indicate a significant relationship between awareness, metacognitive awareness, self-efficacy, and threat management task performance. The analysis also demonstrates that metacognitive awareness and self-efficacy mediated the impact of awareness on threat management task performance. We discuss the effects and implications of this study for practice and research.

组织部署了一支敬业的安全专业人员团队，并花费大量资源来保护他们的数字资产。尽管尽了最大努力，但安全事件仍在增加，并且仍然是一个关键挑战。文献没有充分关注专业人员缺乏对安全、系统或情境方面的认识。关于意识对威胁管理任务影响的现有文献是脱节的，没有充分考虑安全专业人员的元认知意识和自我效能。为此，我们提出并凭经验验证了一个模型来研究安全、系统、态势感知和安全专业人员检测、评估和缓解威胁的能力之间的关系。我们还调查了元认知意识和自我效能感对意识和威胁管理任务之间关系的影响。我们通过对 100 名信息安全专业人员的调查来验证该模型。结果表明意识、元认知意识、自我效能感和威胁管理任务绩效之间存在显着关系。分析还表明，元认知意识和自我效能感介导了意识对威胁管理任务绩效的影响。我们讨论了这项研究对实践和研究的影响和意义。分析还表明，元认知意识和自我效能感介导了意识对威胁管理任务绩效的影响。我们讨论了这项研究对实践和研究的影响和意义。分析还表明，元认知意识和自我效能感介导了意识对威胁管理任务绩效的影响。我们讨论了这项研究对实践和研究的影响和意义。