Information security culture: A definition and a literature review

Alhogail, Areej; Mirza, Abdulrahman A.

doi:10.1109/wccais.2014.6916579

Cited by 38 publications

(38 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The objective is not to provide yet another definition for information security culture or to develop a taxonomy but to review and compare different views of the term information security culture. We recognize that other studies have reviewed the literature on information security culture in terms of dimensions and frameworks used to assess information security culture also provided a short review of different definitions of information security culture [1,26,37]. What distinguishes our studies with other studies is that we provide a systematic collection and review of definitions of information security culture categorized in four views of culture.…”

Section: Introductionmentioning

confidence: 99%

Critical Analysis of Information Security Culture Definitions

Ruhwanya

Ophoff

2020

IFIP Advances in Information and Communication Technology

View full text Add to dashboard Cite

This article aims to advance the understanding of information security culture through a critical reflection on the wide-ranging definitions of information security culture in the literature. It uses the hermeneutic approach for conducting literature reviews. The review identifies 16 definitions of information security culture in the literature. Based on the analysis of these definitions, four different views of culture are distinguished. The shared values view highlights the set of cultural value patterns that are shared across the organization. An action-based view highlights the behaviors of individuals in the organization. A mental model view relates to the abstract view of the individual's thinking on how information security culture must work. Finally, a problem-solving view emphasizes a combination of understanding from shared value-based and actionbased views. The paper analyzes and presents the limitations of these four views of information security culture definitions.

show abstract

Section: Introductionmentioning

confidence: 99%

Critical Analysis of Information Security Culture Definitions

Ruhwanya

Ophoff

2020

IFIP Advances in Information and Communication Technology

View full text Add to dashboard Cite

show abstract

“…The interaction results in acceptable or unacceptable behavior evident in artifacts and creations that become part of the way things are done in an organization to protect its information assets". In [15] have defined information security culture as "The collection of perceptions, attitudes, values, assumptions and knowledge that guides how things are done in an organization in order to be consistent with the information security requirements with the aim of protecting the information assets and influencing employees' security behavior in a way that preserving the information security becomes a second nature". Another definition presented by [16] is "The collection of human attributes such as behaviors, attitudes, and values that help to the protection of all the information in an organization.…”

Section: Introductionmentioning

confidence: 99%

A Conceptual Model for Exploring the Factors Influencing Information Security Culture

Mahfuth¹,

Yussof²,

Bakar³

et al. 2017

IJSIA

View full text Add to dashboard Cite

show abstract

“…Information Security (IS) in organisations aims to protect information assets, in part, by influencing employees' security behaviour [1]. This is increasingly important in organisations because the role of digital information becomes more important over time [2].…”

Section: Introductionmentioning

confidence: 99%

Management Attitudes toward Information Security in Omani Public Sector Organisations

Al-Izki

Weir

2016

2016 Cybersecurity and Cyberforensics Conference (CCC)

View full text Add to dashboard Cite

AbstractÑ The incorporation of ICT in public sector organisations is progressing rapidly in Oman where the government sees this as a means to enhance the delivery of online services. In this context, preserving the security of information, and making Information Security a core organisational aspect in public sector organisations, requires attention from management. Our research is the first known attempt to gauge management attitudes toward Information Security in Oman. We also consider how such attitudes influence Information Security governance. In addressing these issues, we review current compliance with Information Security procedures in Omani public sector organisations; review management attitudes toward Information Security governance practices; and explore how management attitudes toward Information Security impact upon these aspects.

show abstract

Information security culture: A definition and a literature review

Cited by 38 publications

References 21 publications

Critical Analysis of Information Security Culture Definitions

Critical Analysis of Information Security Culture Definitions

A Conceptual Model for Exploring the Factors Influencing Information Security Culture

Management Attitudes toward Information Security in Omani Public Sector Organisations

Contact Info

Product

Resources

About