An Inclusive Information Society Needs a Global Approach of Information Security

Åström

Information &Amp; Computer Security

2015

Purpose – The aim of this paper is to survey existing information security culture research to scrutinise the kind of knowledge that has been developed and the way in which this knowledge has been brought about. Design/methodology/approach – Results are based on a literature review of information security culture research published between 2000 and 2013 (December). Findings – This paper can conclude that existing research has focused on a broad set of research topics, but with limited depth. It is striking that the effects of different information security cultures have not been part of that focus. Moreover, existing research has used a small repertoire of research methods, a repertoire that is more limited than in information systems research in general. Furthermore, an extensive part of the research is descriptive, philosophical or theoretical – lacking a structured use of empirical data – which means that it is quite immature. Research limitations/implications – Findings call for future research that: addresses the effects of different information security cultures; addresses the identified research topics with greater depth; focuses more on generating theories or testing theories to increase the maturity of this subfield of information security research; and uses a broader set of research methods. It would be particularly interesting to see future studies that use intervening or ethnographic approaches because, to date, these have been completely lacking in existing research. Practical implications – Findings show that existing research is, to a large extent, descriptive, philosophical or theoretical. Hence, it is difficult for practitioners to adopt these research results, such as frameworks for cultivating or assessment tools, which have not been empirically validated. Originality/value – Few state-of-the-art reviews have sought to assess the maturity of existing research on information security culture. Findings on types of research methods used in information security culture research extend beyond the existing knowledge base, which allows for a critical discussion about existing research in this sub-discipline of information security.

Section: Methodsmentioning

confidence: 99%

mentioning

confidence: 99%

Information security culture – state-of-the-art review between 2000 and 2013

Åström

Information &Amp; Computer Security

2015

“…The exact definition for cyber security is still actively debated in the research community. Some authors use cyber security interchangeably with information security (Astakhova, 2014;Ghernaouti-Helie, 2009). One of the definitions encountered defines cyber security as the protection and preservation of confidentiality, integrity and availability (CIA) of information, which is an asset, in the realm of cyberspace (IEC 27032/IEC 27032, 2012).…”

Section: Introductionmentioning

confidence: 99%

A general morphological analysis: delineating a cyber-security culture

Gcaza

Solms

Grobler

et al. 2017

ICS

Purpose The purpose of this paper is to define and delineate cyber security culture. Cyber security has been a concern for many years. In an effort to mitigate the cyber security risks, technology-centred measures were deemed to be the ultimate solution. Nowadays, however, it is accepted that the process of cyber security requires much more than mere technical controls. On the contrary, it now demands a human-centred approach, including a cyber security culture. Although the role of cultivating a culture in pursuing cyber security is well appreciated, research focusing intensely on cyber security culture is still in its infancy. Additionally, knowledge on the subject is not clearly bounded and defined. Design/methodology/approach General morphological analysis (GMA) is used to define, structure and analyse the cyber security environment culture. Findings This paper identifies the most important variables in cultivating a cyber security culture. Research implications The delineation of the national cyber security domain will contribute to the relatively new domain of cyber security culture. They contribute to the research community by means of promoting a shared and common understanding of terms. It is a step in the right direction towards eliminating the ambiguity of domain assumptions. Practical implications Practically, the study can assist developing nations in constructing strategies that addresses the key factors that need to be apparent in lieu to cultivating its envisaged national culture of cyber security. Additionally, the GMA will contribute to the development of solutions or means that do not overlook interrelations of such factors. Originality/value Delineating and defining the cyber security culture domain more precisely could greatly contribute to realizing the elements that collectively play a role in cultivating such a culture for a national perspective.

E J Info Sys Dev Countries

“…Research has shown the global information society and knowledge economy are constrained by the development and overall acceptance of an international cyber security framework (Ghernaouti-Hélie, 2009). The validity of such a framework or model requires a challenging multidimensional cyber security approach for everyone from individuals to organizations and states (Ghernaouti-Hélie, 2009).…”

mentioning

confidence: 99%

“…The validity of such a framework or model requires a challenging multidimensional cyber security approach for everyone from individuals to organizations and states (Ghernaouti-Hélie, 2009). Ghernaouti-Hélie (2009) emphasized that promoting a culture of cyber security contributes to building a safe and inclusive information society but currently most of efforts are focused on awareness which is appropriate and mandatory but not sufficient.…”

mentioning

confidence: 99%

Design Science Approach to Developing and Evaluating a National Cybersecurity Framework for Jamaica

Dennis

Jones

Kildare

et al. 2014

ABSTRACT:The cyber-security landscape is continuing to evolve and it is therefore important for countries to understand the dynamic forces and be able to foresee the potential risks and vulnerabilities and stem them. One approach is through the development and implementation of proactive strategies, policies and procedures that is guided by a cyber-security strategy and framework at the national level. A recent 2013 UN study revealed that a significant number of countries are without a national cybercrime strategy. This is true for countries in the Caribbean including Jamaica that are currently without a national cyber-security strategy and framework. This has significant implications for our national security and development. This research project therefore seeks to develop and evaluate a National Cyber-security framework, Jamaica National Cyber-security Framework (JNCF) through the application of the Design Science methodology. JNCF incorporates international standards and best practices as a basis to aid in the protection of confidentiality, integrity and availability of national information in Jamaica and serve as a potential blue print for both the private and public sectors within Jamaica. The framework rests on due consideration for the critical assets and infrastructure, stakeholders and legislative and technical controls supported by the definition and scope of cybercrime and global best practices. We argue that these facets facilitate a sound national strategy for combatting cybercrime. Our study has implications for research, government and private sectors as it seeks to develop an artifact that is currently not in existence in Jamaica which can be used to inform the effective management of cyber-crime and security in other developing countries.