Information security culture – state-of-the-art review between 2000 and 2013

Karlsson, Fredrik; Åström, Joachim; Karlsson, Martin

doi:10.1108/ics-05-2014-0033

Cited by 51 publications

(40 citation statements)

References 81 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…If focus groups or interviews are conducted, the method could extend to an inductive method. 978-1-4673-8460-5/16/$31.00 ©2016 IEEE • Strategy: Quantitative research methods have been used with great success in the information security discipline [2,29,50]. One of the benefits of using a quantitative approach is that specific areas of concern (e.g.…”

Section: B Research Philosophy Of and Approach To Cybersecurity Culturementioning

confidence: 99%

See 1 more Smart Citation

A cybersecurity culture research philosophy and approach to develop a valid and reliable measuring instrument

Veiga

2016

2016 SAI Computing Conference (SAI)

View full text Add to dashboard Cite

Abstract-A cybersecurity culture must be promoted at an international, national, organizational, and individual level to aid in minimizing risks from a human perspective in cyberspace. To promote such a culture it has to be understood and quantified in order to direct change. This research makes use of the disciplines of information technology and industrial psychology to define a cybersecurity culture. A quantitative research methodology, cybersecurity culture research methodology (CSeCRM), is proposed that can be used to measure a cybersecurity culture. The objective of CSeCRM is to ensure that a reliable and valid measuring instrument is used to measure cybersecurity culture. The results derived from using such an instrument can aid in identifying actions to change and direct the cybersecurity culture at, for instance, schools or businesses, at national or international level. The CSeCRM is illustrated by implementing it in an organization where a cybersecurity culture measuring instrument was validated.

show abstract

Section: B Research Philosophy Of and Approach To Cybersecurity Culturementioning

confidence: 99%

“…• Factor A -20 statements: 49,55,50,54,62,35,61,58,57,28,60,22,56,24,66,64,42,21,47,32 • Factor B -13 statements: 44,43,30,36,45,29,34,38,46,53,19,27,52 • Factor C -5 statements: 26, 23, 39, 31, 33…”

Section: ) Confirm Validity Of the Questionnairementioning

confidence: 99%

A cybersecurity culture research philosophy and approach to develop a valid and reliable measuring instrument

Veiga

2016

2016 SAI Computing Conference (SAI)

View full text Add to dashboard Cite

show abstract

“…For example, in [10] it is argued that information security obedience (i.e., compliance with policies) binds together information security, corporate governance and corporate culture and in [11] "culture" is described as the ideal state of "compliance. The most frequently cited their theoretical frameworks in r research on information security culture [12] are those of Edgar Schein and Geert Hofstede. Schein's framework is a three-tiered model that explains organizational culture on the levels of shared basic assumptions, espoused values and artifacts/behaviors [13].…”

Section: Information Security Culturementioning

confidence: 99%

Social Groupings and Information Security Obedience Within Organizations

Sommestad

2015

ICT Systems Security and Privacy Protection

View full text Add to dashboard Cite

“…It is discussed in the next section. Karlsson et al's (2015) systematic review of information security culture research identifies that almost 40 percent of the papers are theoretical and do not include empirical data. Unlike those papers, this research is based on empirical data and it is conducted with a qualitative interpretivist approach using an embedded single case study methodology.…”

Section: Summary: Analysing Socio-technical Aspects Of Securitymentioning

confidence: 99%

“…Unfortunately, most research has focussed on technology and more work is required on the sociotechnical aspects of information security (Hagen, Albrechtsen, & Hovden, 2008) In response to this need to focus on the socio-technical threats, and Karlsson et al's (2015) exhortation for more empirical and in-depth research, this paper presents a case study of a major bank in a developing economy. Since global finance is highly interconnected, it is important that banks in such economies do not comprise a weak link and hence results from this case have value for the industry as a whole.…”

Section: Introductionmentioning

confidence: 99%

Analysing information security in a bank using soft systems methodology

Damenu

Beaumont

2017

ICS

View full text Add to dashboard Cite

Purpose -This paper explores the use of Soft Systems Methodology (SSM) to analyse the sociotechnical information security issues in a major bank.Design/methodology/approach -Case study research was conducted on a major bank. Semistructured interviews with a purposive sample of key stakeholders in the business, comprising senior managers, security professionals and branch employees were conducted.Findings -SSM was particularly useful for exploring the holistic information security issues, enabling models to be constructed which were valuable analytical tools and easily understood by stakeholders, which increased the receptiveness of the bank, and assisted with member validation.Significant risks were apparent from internal sources with weaknesses in aspects of governance and security culture.Research limitations/implications -This research uses a single case study and whilst it cannot be generalised, it identifies potential security issues others may face and solutions they may apply.Practical implications -Information security is complex and addresses technical, governance, management and cultural risks. Banking attacks are changing, with greater focus on employees and customers. A systemic approach is required for full consideration. SSM is a suitable approach for such analysis within large organisations.Originality/value -Demonstrates how important benefits can be obtained by using SSM alongside traditional risk assessment approaches to identify holistic security issues. A holistic approach is particularly important given the increasing complexity of the security threat surface. Banking was selected as a case study since it is both critical to society and is a prime target for attack. Furthermore, developing economies are under-represented in information security research, this paper adds to the evidence base. Since global finance is highly interconnected, it is important that banks in such economies do not comprise a weak link and hence results from this case have value for the industry as a whole. | P a g e

show abstract

Information security culture – state-of-the-art review between 2000 and 2013

Cited by 51 publications

References 81 publications

A cybersecurity culture research philosophy and approach to develop a valid and reliable measuring instrument

A cybersecurity culture research philosophy and approach to develop a valid and reliable measuring instrument

Social Groupings and Information Security Obedience Within Organizations

Analysing information security in a bank using soft systems methodology

Contact Info

Product

Resources

About