The effect of perceived organizational culture on employees’ information security compliance

Karlsson, Martin; Karlsson, Fredrik; Åström, Joachim; Denk, Thomas

doi:10.1108/ics-06-2021-0073

Cited by 16 publications

(18 citation statements)

References 65 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Hu et al (2012) and Solomon and Brown (2021), hence, used only the control orientations RO and GO to assess the role of culture in information security compliance behaviour. However, Karlsson et al (2022) claim cultural differences in control (RO, GO) and flexibility (SO, IO) have little bearing on compliance behaviour, with an internal (RO, SO) focus in contrast to an external focus (GO, IO) being more salient. The SO and IO orientations have rarely been examined in information security research (Hu et al , 2012; D'Arcy and Greene, 2014; Tang and Li, 2016; Solomon and Brown, 2021).…”

Section: Conceptual Backgroundmentioning

confidence: 99%

“…Hence, there have been numerous studies directed at understanding and explaining employee compliance behaviour (Alassaf and Alkhalifah, 2021; Cram et al , 2019; Moody et al , 2018). Factors directly and indirectly influencing compliance behaviour are many and varied, with organisation culture playing a key role (Hu et al , 2012; Ali et al , 2021; Karlsson et al , 2022). Similarly fostering an information security culture has been touted as a means of improving employee information security compliance behaviour (Dong et al , 2021; Alshaikh, 2020; Alshare et al , 2018).…”

Section: Conceptual Backgroundmentioning

confidence: 99%

“…The SO and IO orientations have rarely been examined in information security research (Hu et al , 2012; D'Arcy and Greene, 2014; Tang and Li, 2016; Solomon and Brown, 2021). In this study, as with Karlsson et al (2022), all four orientations will be used to characterise culture. We go further, however, by examining both organisation and information security across all four orientations (see Table 1 below).…”

Section: Conceptual Backgroundmentioning

confidence: 99%

“…Figure 1 below is illustrative of the conceptual framing for the study. Prior research has demonstrated that organisational culture, across a range of dimensions, influences employee information security compliance behaviour (Hu et al , 2012; Solomon and Brown, 2021; Karlsson et al , 2022). Similarly information security culture has been shown as influential on compliance behaviour (D'Arcy and Greene, 2014; Solomon and Brown, 2021).…”

Section: Conceptual Backgroundmentioning

confidence: 99%

See 3 more Smart Citations

COVID-19 pandemic-induced organisational cultural shifts and employee information security compliance behaviour: a South African case study

Butler

Brown

2023

ICS

View full text Add to dashboard Cite

Purpose The purpose of this preliminary empirical research study is to understand how environmental disruption such as brought on by the COVID-19 pandemic induces shifts in organisational culture, information security culture and subsequently employee information security compliance behaviour. Design/methodology/approach A single-organisation case study was used to develop understanding from direct experiences of organisational life. Both quantitative and qualitative data were collected using a sequential mixed methods approach, with the qualitative phase following the quantitative to achieve complementarity and completeness in analysis. For the quantitative phase, 48 useful responses were received after a questionnaire was sent to all 150–200 employees. For the qualitative phase, eight semi-structured interviews were conducted. Statistical software was used to analyse the quantitative data and NVivo software was used to analyse the qualitative data. Findings The pandemic-induced environmental disruption manifested as a sudden shift to work-from-home for employees, and relatedly an increase in cybercrime. The organisational response to this gave rise to shifts in both organisational and information security culture towards greater control (rule and goal orientations) and greater flexibility (support and innovation orientations), most significantly with information security culture flexibility. The net effect was an increase in employee information security compliance. Originality/value The vast literature on organisational culture and information security culture was drawn on to theoretically anchor and develop parsimonious measures of information security culture. Environmental disruptions such as those caused by the pandemic are unpredictable and their effects uncertain, hence, the study provides insight into the consequences of such disruption on information security in organisations.

show abstract

Section: Conceptual Backgroundmentioning

confidence: 99%

Section: Conceptual Backgroundmentioning

confidence: 99%

Section: Conceptual Backgroundmentioning

confidence: 99%

Section: Conceptual Backgroundmentioning

confidence: 99%

See 2 more Smart Citations

COVID-19 pandemic-induced organisational cultural shifts and employee information security compliance behaviour: a South African case study

Butler

Brown

2023

ICS

View full text Add to dashboard Cite

show abstract

“…Organizations with a bureaucratic organizational structure must recognize the benefit provided by this structure and weigh it carefully when confronted with opportunities for more customer-centric modes of operation. [12]…”

Section: Organizational Structurementioning

confidence: 99%

What Triggers Violation of Information Security Policies

Dhawan¹

2022

IJCATR

View full text Add to dashboard Cite

This paper offers a framework for information security professionals to evaluate ISP and understand policy non-adherence. It explores the different types of non-adhering behaviors and the motivations behind them. It goes on to share information about the environmental/organizational climates in which non-compliant behaviors are more or less likely to occur and briefly touches on when users are more likely to commit them. Finally, it suggests a user review process as a critical part of information security policy design and implementation.

show abstract

Using the Delphi Method to Elicit Requirements for an International Master’s Program in Information Security Management

Karlsson

Hedström

Kolkowska

2023

Cybersecurity Teaching in Higher Education

View full text Add to dashboard Cite

The effect of perceived organizational culture on employees’ information security compliance

Cited by 16 publications

References 65 publications

COVID-19 pandemic-induced organisational cultural shifts and employee information security compliance behaviour: a South African case study

COVID-19 pandemic-induced organisational cultural shifts and employee information security compliance behaviour: a South African case study

What Triggers Violation of Information Security Policies

Using the Delphi Method to Elicit Requirements for an International Master’s Program in Information Security Management

Contact Info

Product

Resources

About