An approach to information security culture change combining ADKAR and the ISCA questionnaire to aid transition to the desired culture

Veiga, Adéle Da

doi:10.1108/ics-08-2017-0056

Cited by 25 publications

(51 citation statements)

References 28 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To quantify farmers’ attitudes towards a reduction in AMU, the ADKAR ® change management model was used. This model is already well established in the fields of corporate business and human medicine [ 31 , 37 , 38 ] and offers a practical tool for guiding change. ADKAR ® is an acronym for the 5 building blocks necessary for successful change: Awareness, Desire, Knowledge, Ability, and Reinforcement.…”

Section: Methodsmentioning

confidence: 99%

Coaching Belgian and Dutch Broiler Farmers Aimed at Antimicrobial Stewardship and Disease Prevention

et al. 2021

View full text Add to dashboard Cite

A reduction in antimicrobial use (AMU) is needed to curb the increase in antimicrobial resistance in broiler production. Improvements in biosecurity can contribute to a lower incidence of disease and thereby lower the need for AMU. However, veterinary advice related to AMU reduction or biosecurity is often not complied with, and this has been linked to the attitudes of farmers. Behavior change promoted by coaching may facilitate uptake and compliance regarding veterinary advice. Thirty broiler farms in Belgium and the Netherlands with high AMU were included in this study for 13 months. For each farmer, the attitude towards AMU reduction was quantified using an adjusted Awareness, Desire, Knowledge, Ability, and Reinforcement (ADKAR®) change management model, and farm biosecurity was assessed with the Biocheck.UGent™ tool. Subsequently, farmers were coached to improve disease prevention and antimicrobial stewardship. After the individual coaching of farmers, there was a change in their attitudes regarding AMU, reflected by an increase in ADKAR® scores. Biosecurity levels improved by around 6% on average, and AMU was reduced by 7% on average without negative effects on performance parameters. Despite these improvements, no significant association could be found between higher ADKAR® scores and lower AMU. Further investigation into sociological models is needed as a tool to reduce AMU in livestock production.

show abstract

Section: Methodsmentioning

confidence: 99%

Coaching Belgian and Dutch Broiler Farmers Aimed at Antimicrobial Stewardship and Disease Prevention

et al. 2021

View full text Add to dashboard Cite

show abstract

“…Authors have also considered the protection of an organisation's information assets as a goal of information security culture (Alfawaz, Nelson, & Mohannak, 2010). At the same time, "people are very often perceived as an obstacle rather than an asset in this regard" (Furnell & Thompson, 2009: 5) as security incidents and breaches are often related to employee error or negligence (Da Veiga, 2018). However, today more and more authors are exploring information security culture from the human perspective as a critical resource to success in protecting information resources.…”

Section: Background To Information Security Culturementioning

confidence: 99%

“…Various studies have pointed out that human behaviour is a threat to information security (Lim, et al 2012, Da Veiga 2018 with the behaviour of employees over time resulting in the information security culture (Thompson et al 2006, Da Veiga andMartins 2017). The concept of behaviour was also the most common theme in the literature descriptions of information security culture in table 1.…”

Section: Questionnairementioning

confidence: 99%

Defining organisational information security culture—Perspectives from academia and industry

Veiga

Астахова

Botha

et al. 2020

Computers & Security

Self Cite

113

View full text Add to dashboard Cite

The ideal or strong information security culture can aid in minimising the threat of humans to information protection and thereby aid in reducing data breaches or incidents in organisations. This research sets out to understand how information security culture is defined from an academic and industry perspective using a mixed-method approach. The definition, factors necessary to instil the ideal information security culture and the potential impact of the ideal information security culture were investigated from both perspectives. A survey approach was implemented to obtain the views from industry and 512 respondents from organisations, many of which operate at an international level, participated in the survey. The research presents a description of information security culture, integrating the existing literature and expanding on it with the views of industry, thereby giving clarity to the concept. The ideal information security culture was identified with the top traits relating to aspects such as an aware and knowledgeable workforce implementing conscientious, caring behaviour to comply with policies as guided by management. The factors that could positively influence an information security culture were identified, consolidated and expanded to five external factors and twenty internal factors. Organisations that have a strong information security culture were identified as achieving mutual trust and integrity through the protection of their information. The description of an information security culture can be used as a baseline to define and understand the concept, identify a single, comprehensive set of factors to be implemented, comprehend the traits of such a culture, as well as what an organisation can achieve by having a strong information security culture. The analysis showed that scientific interpretations of the definitions and factors of information security culture are much wider than their understanding of the industry. Both the results from the scoping review of papers and the feedback from the industry experts are synthesised visually to provide an organisational information security culture model (OISCM). The definition, factors, and model that influence the organisational culture of information security, have prognostic value for industry. For scientists, this is an important topic of research on methods and forms of increasing the level of this knowledge.

show abstract

“…The security culture scale developed by Alharbi et al (2017) does not meet the thresholds. Furthermore, six studies do not mention or test any Notes: 1 Security culture is measured as (an independent) unidimensional concept; 2 Information from several articles is collected into one evaluation (IPCA: Da Veiga and Martins, 2015b;Da Veiga, 2016 andDa Veiga, 2018; Information security culture: Masrek et al, 2018a andMasrek et al, 2018b;ISCA: Da Veiga andMartins, 2015a andDa Veiga, 2015; Organisational information security culture: Parsons et al, 2014 andParsons et al, 2015) Legend:…”

Section: Icsmentioning

confidence: 99%

“…•: the criterion is fulfilled : the criterion is partially fulfilled ? : limited evidence because of no numerical data and only an interpretation Empty cell: data is not available Notes: 1 In the case of a partially fulfilled criterion, half of the point was taken into account in the total score; 2 Security culture is measured as (an independent) unidimensional concept; 3 Information about characteristics of the same scale is collected from several articles (Information security culture: Masrek et al, 2018a andMasrek et al, 2018b;ISCA: Da Veiga andMartins, 2015a andDa Veiga, 2015;IPCA: Da Veiga and Martins, 2015b;Da Veiga, 2016 andDa Veiga, 2018; Organisational information security culture: Parsons et al, 2014 andParsons et al, 2015) Legend:…”

Section: Icsmentioning

confidence: 99%

A systematic review of scales for measuring information security culture

Orehek

Petrič

2020

ICS

View full text Add to dashboard Cite

Purpose The concept of information security culture, which recently gained increased attention, aims to comprehensively grasp socio-cultural mechanisms that have an impact on organizational security. Different measurement instruments have been developed to measure and assess information security culture using survey-based tools. However, the content, breadth and face validity of these scales vary greatly. This study aims to identify and provide an overview of the scales that are used to measure information security culture and to evaluate the rigor of reported scale development and validation procedures. Design/methodology/approach Papers that introduce a new or adapt an existing scale of information security culture were systematically reviewed to evaluate scales of information security culture. A standard search strategy was applied to identify 19 relevant scales, which were evaluated based on the framework of 16 criteria pertaining to the rigor of reported operationalization and the reported validity and reliability of the identified scales. Findings The results show that the rigor with which scales of information security culture are validated varies greatly and that none of the scales meet all the evaluation criteria. Moreover, most of the studies provide somewhat limited evidence of the validation of scales, indicating room for further improvement. Particularly, critical issues seem to be the lack of evidence regarding discriminant and criterion validity and incomplete documentation of the operationalization process. Research limitations/implications Researchers focusing on the human factor in information security need to reach a certain level of agreement on the essential elements of the concept of information security culture. Future studies need to build on existing scales, address their limitations and gain further evidence regarding the validity of scales of information security culture. Further research should also investigate the quality of definitions and make expert assessments of the content fit between concepts and items. Practical implications Organizations that aim to assess the level of information security culture among employees can use the results of this systematic review to support the selection of an adequate measurement scale. However, caution is needed for scales that provide limited evidence of validation. Originality/value This is the first study that offers a critical evaluation of existing scales of information security culture. The results have decision-making value for researchers who intend to conduct survey-based examinations of information security culture.

show abstract

An approach to information security culture change combining ADKAR and the ISCA questionnaire to aid transition to the desired culture

Cited by 25 publications

References 28 publications

Coaching Belgian and Dutch Broiler Farmers Aimed at Antimicrobial Stewardship and Disease Prevention

Coaching Belgian and Dutch Broiler Farmers Aimed at Antimicrobial Stewardship and Disease Prevention

Defining organisational information security culture—Perspectives from academia and industry

A systematic review of scales for measuring information security culture

Contact Info

Product

Resources

About