The Model of Information Security Culture Level Estimation of Organization

Shkarlet, Serhiy; Lytvynov, Vitalii; Dorosh, Mariia; Trunova, Еlena; Voitsekhovska, Mariia

doi:10.1007/978-3-030-25741-5_25

Cited by 6 publications

(5 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…There is a growing body of research in information security culture, which investigates different aspects. Tang et al (2016), Van Niekerk and Von Solms (2010) and Solomon and Brown (2020) investigated the relationship between information security culture and organizational culture, Alnatheer (2014), Shkarlet et al (2020) and Sas et al (2020) explored assessment and measurement of information security culture, while other researchers focus their work on determining dimensions (factors) of information security culture (Sherif and Furnell, 2015; Nel and Drevin, 2019; Arbanas, 2020). On the other hand, Van Niekerk and Von Solms (2010) and Mahfuth et al (2017a, b) worked on development of conceptual models and revealed that there is a positive relationship between levels of knowledge and employees' behaviour, which is not surprising since Bouhnik et al (2021) have shown that, in order for the security behaviour to become their second nature, people must first be educated to do so.…”

Section: Theoretical Background and Motivationmentioning

confidence: 99%

Holistic framework for evaluating and improving information security culture

Arbanas¹,

Spremić

Hrustek³

2021

AJIM

View full text Add to dashboard Cite

PurposeThe objective of this research was to propose and validate a holistic framework for information security culture evaluation, built around a novel approach, which includes technological, organizational and social issues. The framework's validity and reliability were determined with the help of experts in the information security field and by using multivariate statistical methods.Design/methodology/approachThe conceptual framework was constructed upon a detailed literature review and validated using a range of methods: first, measuring instrument was developed, and then content and construct validity of measuring instrument was confirmed via experts' opinion and by closed map sorting method. Convergent validity was confirmed by factor analysis, while the reliability of the measuring instrument was tested using Cronbach's alpha coefficient to measure internal consistency.FindingsThe proposed framework was validated based upon the results of empirical research and the usage of multivariate analysis. The resulting framework ultimately consists of 46 items (manifest variables), describing eight factors (first level latent variables), grouped into three categories (second level latent variables). These three categories were built around technological, organizational and social issues.Originality/valueThis paper contributes to the body of knowledge in information security culture by developing and validating holistic framework for information security culture evaluation, which does not observe information security culture in only one aspect but takes into account its organizational, sociological and technical component.

show abstract

Section: Theoretical Background and Motivationmentioning

confidence: 99%

Holistic framework for evaluating and improving information security culture

Arbanas¹,

Spremić

Hrustek³

2021

AJIM

View full text Add to dashboard Cite

show abstract

“…Execution elements and mechanisms are: experts in the field of information security of organizations (their duties include filling the database with input information, determining weights, forming questionnaires, disseminating and collecting feedback, creating a fuzzy model rule base, checking reports and recommendations); cloud services for questionnaires distribution and of answers collection; software as a tool used for interaction with system by all participants of the process; database for storing information. The main methods are: logic of antonyms [10] (to form the competency array); the method of pairwise comparisons [11] (to determine the weights of questions within the questionnaire); fuzzy logic methods [12] (to assess the personal ISC level for employees) and fuzzy clustering (to generate clusters of questions by theme); general mathematical models of the ISC level assessment for departments and organization [13].…”

Section: Fig 1 Functional Model Of Top-level Development Process «The Organization`s Isc Level Determination»mentioning

confidence: 99%

“…Mathematical model of department's ISC level assessment described in paper [13] determines the ISC level of department based on personal assessments of its employees taking into account the array of role weights corresponding to the positions of respondents.…”

Section: Fuzzy Clustering Is Used In the Formation Of Question Clusters By Themes According To The Membership Array For Further Questionnmentioning

confidence: 99%

“…Mathematical model of organization's ISC level assessment [13] determines the mechanism for determining the overall level of organization's ISC based on results of the ISC level assessments of departments obtained on the previous stage.…”

Section: Fuzzy Clustering Is Used In the Formation Of Question Clusters By Themes According To The Membership Array For Further Questionnmentioning

confidence: 99%

See 1 more Smart Citation

Development of the Automated Information System for Organization’s Information Security Culture Level Assessment

Lytvynov

Dorosh

Balchenko

et al. 2020

TST

Self Cite

View full text Add to dashboard Cite

Relevance of the research. Ensuring the effectiveness of the information security systems requires creation of an appropriate information security culture for the employees of the organization in order to reduce human-related risks. Target setting. The techniques currently available for assessing information security risk are excluded as a source of the potential vulnerability. Considering the role of the personnel in the organization's information security systems, there is a need to create automated systems of human-machine interaction assessment through the level of the personnel information security culture, and to determine the integral indicator of the organization's information security culture. Actual scientific researches and issues analysis. Open access publications on the problems of integrating the information security culture into the corporate culture of the organization as a tool for ensuring the proper information security level of business processes are considered. Uninvestigated parts of general matters defining. The absence of formalized models for assessing the organization's information security culture level, as well as an automated process for its assessing were revealed by source analysis. The research objective. The purpose of the article to build a model that describes the process of obtaining an organization's information security culture level assessment in IDEF0 notation. Then, to create an architecture and database for system of information security culture assessment to support the general organization's information security system. The statement of basic materials. According to functional requirements, a conceptual model of «The organization`s ISC level determination» development process was created. Input information, governing elements, execution elements and mechanism, and output information were defined. To accomplish these tasks, an architecture and database of information system for assessing the information security culture level of the organization were proposed. Conclusions. The functional model of top-level development process was proposed. Formed functional requirements became the basis for development of information system architecture with description of its modules and database structure.

show abstract

“…Current trends indicate the need for close interaction between innovation structures, HEIs and the scientific community. International experience in managing innovative, scientific and technical development of regions shows that at this level, the processes of synthesis of scientific, industrial, economic and social policy in the form of innovation clusters is taking place [10][11][12][13][14]. The purpose of their operation is to create and maintain a favorable environment for the active use of innovations.…”

Section: Introductionmentioning

confidence: 99%

Indicators of Regional Innovation Clusters’ Effectiveness in the Higher Education System

2020

View full text Add to dashboard Cite

Under globalization conditions, the main priority of the state education policy in many countries of the world is to ensure higher education quality. This is possible through close and efficient cooperation between the state, higher education institutions, future specialists, employers and innovative structures (clusters). This study focuses on the development of indicators that can comprehensively assess the effectiveness of regional innovation clusters in the higher education system. The main attention is given to the analysis of innovations, business, education development and competitiveness, as indicators of the effectiveness of regional innovation clusters in the higher education system. The following methods have been used within the research: content analysis, statistical, correlation and regression analysis, econometric modeling and the graphical method. As a result of the research, indicators of the effectiveness of regional innovation clusters have been identified and the impact of these indicators on the higher education system has been evaluated. The authors have shown that there is a close relationship between the level of development of regional innovation clusters, indicators of business and innovations development, and the level of competitiveness. The direct impact of those on the higher education system has been established and confirmed by the provided calculations.

show abstract

The Model of Information Security Culture Level Estimation of Organization

Cited by 6 publications

References 7 publications

Holistic framework for evaluating and improving information security culture

Holistic framework for evaluating and improving information security culture

Development of the Automated Information System for Organization’s Information Security Culture Level Assessment

Indicators of Regional Innovation Clusters’ Effectiveness in the Higher Education System

Contact Info

Product

Resources

About