A Conceptual Model to Understand Information Security Culture

Alnatheer, Mohammed A.

doi:10.7763/ijssh.2014.v4.327

Cited by 24 publications

(17 citation statements)

References 8 publications

(11 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Accordingly, Hofstede et al (1990) and Govender et al (2016) have argued that national culture is a determinant of organizational culture and values. Alnatheer (2014) affirmed this argument, reporting that most information security elements are affected by information security culture, a product of national culture and organizational culture. Despite these research findings, cultural consideration of the information security agenda is lacking.…”

Section: Introductionmentioning

confidence: 95%

Effects of culture on graphical password image selection and design

Mohamed

Chakraborty

Pillutla

2020

JSIT

View full text Add to dashboard Cite

Purpose The purpose of this study is to examine the effects of culture on the cross-cultural design of the recognition-based graphical password (RBG-P) interface as inferred from Chinese and Saudi subjects’ image selections. Design/methodology/approach The authors use a between-group design adopted using two groups of participants from China and the Kingdom of Saudi Arabia to measure the differences caused by the effects of cultures on graphical password image selections. Three hypotheses have been tested in a four-week long study carried out using two questionnaires and an RBG-P webtool designed for images selection. Findings The results have indicated that participants are equally biased not only toward their own culture but also depending on their opinions about other cultures. In addition, when creating the password, it has been observed that culture not only influenced the image selection to create the password but also have an effect on the sequence of the images forming the password. Research limitations/implications Appropriately used image selection differences can be used appropriately in cross-cultural designs that will lead to better development of culturally adaptive interfaces that will boost the security posture of RBG-P authentication. Practical implications Some RBG-P interfaces that are produced outside the designer’s culture may suffer the effects of cultural differences. Hence, to incorporate culture in the interface, authentication systems within applications should be flexible by designing images that fit the culture in which the software will be used. To this end, access control interface testing should also be carried out in the environmental and cultural context in which it is will be used. Originality/value This paper provides useful information for international developers who develop cross-cultural usable secure designs. In such environments, the cross-culturally designs may have significant effects on the acceptability and adoption adaptation of the interface to multi-cultural settings.

show abstract

Section: Introductionmentioning

confidence: 95%

Effects of culture on graphical password image selection and design

Mohamed

Chakraborty

Pillutla

2020

JSIT

View full text Add to dashboard Cite

show abstract

“…It is suggested that the ISC should change the employee's motivation for cyber awareness [13]. In another development, understanding the facets of information security can help all employees, especially the elderlies, in their daily work [14]. In other development, by educating every employee especially among the elderly people on the aspects of information security can help them to perform in their daily job [14].…”

Section: 1organization Factorsmentioning

confidence: 99%

“…In another development, understanding the facets of information security can help all employees, especially the elderlies, in their daily work [14]. In other development, by educating every employee especially among the elderly people on the aspects of information security can help them to perform in their daily job [14]. From the abovementioned discussion, the following hypothesis is developed: H1: The organization factors (i.e., security training and awareness program, information security policy provision and information security culture) is positively related to cybersecurity awareness.…”

Section: 1organization Factorsmentioning

confidence: 99%

Assessing the influential factors of cybersecurity awareness in Malaysia during the pandemic outbreak: a structural equation modeling

Wahid¹,

Buja²,

Jono³

et al. 2021

IJATEE

View full text Add to dashboard Cite

The advanced growth of communication technology today has brought great benefits to the people of Malaysia in many ways. One of those is the introduction of Society 5.0 concept, in which referring to smart cities which will solve future issues and challenges using digital approaches including artificial intelligence (AI), big data and Internet of Things (IoT). Big data collected by the various devices will be analysed and transformed into new type of innovation technologies by AI and will be beneficial for all levels of the community. The aim of society 5.0 is to change our lifestyle to becoming more comfortable with digital technology and its services whenever it is needed. Despite of its advantage, some problems have come into the picture. *Author for correspondenceOne of the problems is cybersecurity awareness among the elderly people. It had been reported in 2017 in the UK, the risk of senior citizens being cyber fraud victims is getting higher, which predicted more than one million elderlies will be attacked by scammer through email [1].Statistically, 8% of 75 years old and above internet users claimed that they were a victim and almost 75% of the age group said technology had exposed them to online danger although it offers many benefits [2,3]. There are about 62,000 complaints about fraud received from senior citizens with total loss of almost $650 million, whereas tech support fraud is speeding up and the elderlies will be the majority victims [4−6]. Therefore, it is timely to create cybersecurity awareness among the elderlies. Thus, the objective of this study is to further investigate the relationship of

show abstract

“…The aim of establishing an ISC is to encourage employees' and stakeholders' adherence to the organization's ISPs [1]. ISC can be defined as the perceptions, attitudes, assumptions, beliefs, values, and knowledge of employees or stakeholders when interacting with organizational systems and processes, with the aim of protecting information assets and influencing security behavior to ensure compliance with policies and controls [20,21]. Since ISC is an expansion of an organization's culture [19,20], embedding the expected culture depends on each organization's condition, which is influenced by many factors; therefore, it is vital to understand the factors that can contribute to the success of ISC.…”

Section: Introductionmentioning

confidence: 99%

Information security cultural differences among health care facilities in Indonesia

Sari

Prasetio

Candiwan

et al. 2021

Heliyon

View full text Add to dashboard Cite

Background: Health information security (IS) breaches are increasing with the use of information technology for health care services, and a strong security culture is important for driving employees' information asset protection behavior.Objective: This study aimed to analyze differences in information security cultures (ISCs) across health care providers based on factors drawn from the ISC model. Methods: We used twelve factors to measure the ISCs of health care providers. This research applied a survey method with the Kruskal-Wallis H Test and the Mann-Whitney U Test as data analysis techniques. We collected the data through a questionnaire distributed to 470 employees of health care facilities (i.e. hospitals, community health centers, and primary care clinics) in Indonesia. Results: The results revealed the differences between health care provider types for 9 of the 12 security culture factors. Top management support, change management, and knowledge were the differentiating factors between all types of health care providers. Organizational culture and security compliance only differed in primary care clinics. Meanwhile, security behavior, soft issues and workplace independence, information security policies, training, and awareness only differed in hospitals. Conclusion:The results indicated that each type of health care provider required different approaches to develop an ISC considering the above factors. They provided insight for top management to design suitable programs for cultivating ISCs in their institutions.

show abstract

A Conceptual Model to Understand Information Security Culture

Cited by 24 publications

References 8 publications

Effects of culture on graphical password image selection and design

Effects of culture on graphical password image selection and design

Assessing the influential factors of cybersecurity awareness in Malaysia during the pandemic outbreak: a structural equation modeling

Information security cultural differences among health care facilities in Indonesia

Contact Info

Product

Resources

About