The Influence of Organizational Information Security Culture on Information Security Decision Making

Parsons, Kathryn; Young, Elise G.; Butavicius, Marcus A.; McCormac, Agata; Pattinson, Malcolm R.; Jerram, Cate

doi:10.1177/1555343415575152

Cited by 56 publications

(29 citation statements)

References 42 publications

(57 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…For example, Parsons et al (2015) used the HAIS-Q to explore the relationship between information security and organisational security culture, and reported high Cronbach's alphas of above .80. Most recently, McCormac et al (2017) evaluated the extent to which individual differences (e.g., personality, age, gender) may be associated with HAIS-Q scores, and also reported consistently high Cronbach's alpha scores.…”

Section: Information Security Awareness (Isa): Previous Hais-q Researchmentioning

confidence: 99%

A Reliable Measure of Information Security Awareness and the Identification of Bias in Responses

McCormac

Calic

Butavicius

et al. 2017

AJIS

Self Cite

View full text Add to dashboard Cite

The Human Aspects of Information Security Questionnaire (HAIS-Q) is designed to measure Information Security Awareness. More specifically, the tool measures an individual's knowledge, attitude, and self-reported behaviour relating to information security in the workplace. This paper reports on the reliability of the HAIS-Q, including test-retest reliability and internal consistency. The paper also assesses the reliability of three preliminary overclaiming items, designed specifically to complement the HAIS-Q, and identify those individuals who provide socially desirable responses. A total of 197 working Australians completed two iterations of the HAIS-Q and the over-claiming items, approximately 4 weeks apart. Results of the analysis showed that the HAIS-Q was externally reliable and internally consistent. Therefore, the HAIS-Q can be used to reliably measure information security awareness. Reliability testing on the preliminary over-claiming items was not as robust and further development is required and recommended. The implications of these findings mean that organisations can confidently use the HAIS-Q to not only measure the current state of employee information security awareness within their organisation, but they can also measure the effectiveness and impacts of training interventions, information security awareness programs and campaigns. The influence of cultural changes and the effect of security incidents can also be assessed.

show abstract

Section: Information Security Awareness (Isa): Previous Hais-q Researchmentioning

confidence: 99%

A Reliable Measure of Information Security Awareness and the Identification of Bias in Responses

McCormac

Calic

Butavicius

et al. 2017

AJIS

Self Cite

View full text Add to dashboard Cite

show abstract

“…Thanks to these requirements, information security reduces the impact or the probability of security threats and weaknesses at an acceptable level for the organization (Singh & Margam, 2018). Therefore, information security practices related to security technology adoption and to the user behavior (Bulgurcu, Cavusoglu, & Benbasat, 2010;Sêmola, 2014;Parsons et al, 2015;Safa et al, 2015) are used so that the information security goals (Dhillon & Backhouse, 2000;Bulgurcu, Cavusoglu, & Benbasat, 2010;Sêmola, 2014;Uddin & Preston, 2015) can be addressed.…”

Section: From Strategy To Security Practicesmentioning

confidence: 99%

Multicriteria analysis of the compliance for the improvement of information security

Solana-González

Vanti²,

Fontana

2019

JISTEM

View full text Add to dashboard Cite

Information security is a current issue of protection of information assets that considers significant variables of a strategic, organizational and IT governance nature, and that requires to analyze the compliance with international standards that regulate business actions. In this way, the work analyzes institutional compliance to improve information security applying the Analytic Hierarchy Process methodology to the specific practices defined in ISO/IEC 27002:2013. Expert Choice has been used as Decision Support Systems that has generated as a result the ranking of priorities of the criteria and alternatives used in the decisional process. It has been later applied in a medium-sized Brazilian industrial company. The results identify that the main security practice is the one related to the independent critical analysis of information security.

show abstract

“…We are very pleased to present three papers that are primarily focused on what influences the decisions of the latter group. The Parsons et al (2015) paper provides insight into how an organization’s information security culture can affect the security decisions made by an individual worker’s compliance with security policy and ultimately the organization’s risk to cyber attack. Nehmadi and Meyer’s (2015) paper addresses the factors that contribute to whether people choose to use authentication methods such as strong passwords to increase the security of their computing activities or whether they prefer to bypass authentication in favor of ease and efficiency.…”

Section: Introductionmentioning

confidence: 99%

Introduction to Special Issue of the Journal of Cognitive Engineering and Decision Making Special Issue Focus

D’Amico¹,

Roth²

2015

Journal of Cognitive Engineering and Decision Making

View full text Add to dashboard Cite

The Influence of Organizational Information Security Culture on Information Security Decision Making

Cited by 56 publications

References 42 publications

A Reliable Measure of Information Security Awareness and the Identification of Bias in Responses

A Reliable Measure of Information Security Awareness and the Identification of Bias in Responses

Multicriteria analysis of the compliance for the improvement of information security

Introduction to Special Issue of the Journal of Cognitive Engineering and Decision Making Special Issue Focus

Contact Info

Product

Resources

About