Interpreting information security culture: An organizational transformation case study

Dhillon, Gurpreet; Syed, Romilla; Pedron, Cristiane Drebes

doi:10.1016/j.cose.2015.10.001

Cited by 50 publications

(25 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The view supports the cultivation of information security culture as the influence on the behaviors of individuals, which can result in a significant effect in the protection of information [34,49]. Moreover, Schein's [41] definition of culture emphasizes on learning techniques in order to solve problems in the organizations, and the action-based view makes a significant contribution to information security culture with research on security awareness, training and education (SETA) programs and its influence to information security culture [8,15,33].…”

Section: 2mentioning

confidence: 87%

“…The definitions in this view are simple, and they focus more on individual behavior and activities than holistic organizational security. Programs such as a SETA are seen as the primary drive in the cultivation of information security culture [8,15,33]. Research in action-based view focuses on how behaviors influence information security culture.…”

Section: Discussionmentioning

confidence: 99%

“…In information security culture, the concern is no longer in the technical aspect of information security but the balance between processes and technology with the actors such as individuals, groups and organizations [34]. It is well established that cultivation of information security culture in a social context influences the behaviors of individuals which result in significant effects on the protection of information [15,45]. This importance of information security culture has resulted in numerous studies centered on "security culture" and its relationship to different information security subjects such as information security, information security privacy, information security management, and security education training and awareness (SETA) [7,9,12,50].…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Critical Analysis of Information Security Culture Definitions

Ruhwanya

Ophoff

2020

IFIP Advances in Information and Communication Technology

View full text Add to dashboard Cite

This article aims to advance the understanding of information security culture through a critical reflection on the wide-ranging definitions of information security culture in the literature. It uses the hermeneutic approach for conducting literature reviews. The review identifies 16 definitions of information security culture in the literature. Based on the analysis of these definitions, four different views of culture are distinguished. The shared values view highlights the set of cultural value patterns that are shared across the organization. An action-based view highlights the behaviors of individuals in the organization. A mental model view relates to the abstract view of the individual's thinking on how information security culture must work. Finally, a problem-solving view emphasizes a combination of understanding from shared value-based and actionbased views. The paper analyzes and presents the limitations of these four views of information security culture definitions.

show abstract

Section: 2mentioning

confidence: 87%

Section: Discussionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Critical Analysis of Information Security Culture Definitions

Ruhwanya

Ophoff

2020

IFIP Advances in Information and Communication Technology

View full text Add to dashboard Cite

show abstract

“…Information security culture encompasses the thinking, feelings and everyday activity of employees (Sabbagh, Watterstam, & Kowalski, 2012). Special attention is paid to the values that guide employees in what behaviour should be considered as acceptable or unacceptable when processing information (Dhillon, Syed, & Pedron, 2016;Van Niekerk & Von Solms, 2010). It has been argued that "the information security culture focuses on the socio-cultural aspects of information security management" (Schlienger & Teufel, 2002: 198).…”

Section: Background To Information Security Culturementioning

confidence: 99%

Defining organisational information security culture—Perspectives from academia and industry

Veiga

Астахова

Botha

et al. 2020

Computers & Security

110

View full text Add to dashboard Cite

The ideal or strong information security culture can aid in minimising the threat of humans to information protection and thereby aid in reducing data breaches or incidents in organisations. This research sets out to understand how information security culture is defined from an academic and industry perspective using a mixed-method approach. The definition, factors necessary to instil the ideal information security culture and the potential impact of the ideal information security culture were investigated from both perspectives. A survey approach was implemented to obtain the views from industry and 512 respondents from organisations, many of which operate at an international level, participated in the survey. The research presents a description of information security culture, integrating the existing literature and expanding on it with the views of industry, thereby giving clarity to the concept. The ideal information security culture was identified with the top traits relating to aspects such as an aware and knowledgeable workforce implementing conscientious, caring behaviour to comply with policies as guided by management. The factors that could positively influence an information security culture were identified, consolidated and expanded to five external factors and twenty internal factors. Organisations that have a strong information security culture were identified as achieving mutual trust and integrity through the protection of their information. The description of an information security culture can be used as a baseline to define and understand the concept, identify a single, comprehensive set of factors to be implemented, comprehend the traits of such a culture, as well as what an organisation can achieve by having a strong information security culture. The analysis showed that scientific interpretations of the definitions and factors of information security culture are much wider than their understanding of the industry. Both the results from the scoping review of papers and the feedback from the industry experts are synthesised visually to provide an organisational information security culture model (OISCM). The definition, factors, and model that influence the organisational culture of information security, have prognostic value for industry. For scientists, this is an important topic of research on methods and forms of increasing the level of this knowledge.

show abstract

“…Besides, the user awareness of cyber security threats is another domain that government agencies need to consider. Many studies show that the end user has an essential role in the security of information systems [5][6]. Focusing on the human components by enhancing user awareness in information security has become norm for organizational end-user risk protection [7].…”

Section: Cyber Security Challengesmentioning

confidence: 99%

Transformative Cyber Security Model for Malaysian Government Agencies

Perumal

Pitchay

Samy

et al. 2018

IJET

View full text Add to dashboard Cite

The growth of cyberspace world has uprising government agencies in a new way to serve citizen in a proactive, efficient and productive manner. To have an open, stable and vibrant cyberspace, governments should be more resilient to cyber-attacks and able to protect all government agency’s interest in cyberspace. Therefore, the government needs a transformative cyber governance security model to protect valuable government agencies’ information. The model should be able to detect, defend and deter the vulnerabilities, threats and risks that will emerge in the day to day government administration operation. This paper has introduced a study for some existing cyber governance security models. Thus, it helps in determining the main features of the required model.

show abstract

Interpreting information security culture: An organizational transformation case study

Cited by 50 publications

References 9 publications

Critical Analysis of Information Security Culture Definitions

Critical Analysis of Information Security Culture Definitions

Defining organisational information security culture—Perspectives from academia and industry

Transformative Cyber Security Model for Malaysian Government Agencies

Contact Info

Product

Resources

About