Tool Supported Management of Information Security Culture

Schlienger, Thomas; Teufel, Stephanie

doi:10.1007/0-387-25660-1_5

Cited by 21 publications

(17 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…further used the organisational culture levels of Schein to compile a framework to better understand information security culture. Schlienger and Teufel (2005), Vroom and Von Solms (2004) and Zakaria and Gani (2003) also linked information security culture to the organisational culture model of Schein (1985). Dhillon (1997) related ''security culture'' to the behaviour of employees in an organisation that could contribute to the protection of information.…”

Section: Current Researchmentioning

confidence: 92%

“…Quantitative research methods such as conducting surveys and the validation of frameworks and questionnaires have been deployed with great success in the information security discipline (Schlienger and Teufel, 2005;Straub et al, 2004;Straub, 1990;Workman et al, in press;Siponen et al, 2007;Woon et al, 2005). A survey is a method that organisations can use to study information security behavioural content in general, and attitude and opinions (Berry and Houston, 1993) of employees towards information security in particular.…”

mentioning

confidence: 97%

See 1 more Smart Citation

A framework and assessment instrument for information security culture

Veiga

Eloff

2010

Computers & Security

276

190

View full text Add to dashboard Cite

Section: Current Researchmentioning

confidence: 92%

mentioning

confidence: 97%

A framework and assessment instrument for information security culture

Veiga

Eloff

2010

Computers & Security

276

190

View full text Add to dashboard Cite

“…The organizational culture that develops on the basis of exhibited behavior is evident in artifacts (using encryption), values ("the privacy of 978-1-4673-8460-5/16/$31.00 ©2016 IEEE customer data is respected"), and basic assumptions ("executive management understand the risk to information") [49].…”

Section: Defining Cybersecurity Culturementioning

confidence: 99%

“…• Factor A -20 statements: 49,55,50,54,62,35,61,58,57,28,60,22,56,24,66,64,42,21,47,32 • Factor B -13 statements: 44,43,30,36,45,29,34,38,46,53,19,27,52 • Factor C -5 statements: 26, 23, 39, 31, 33…”

Section: ) Confirm Validity Of the Questionnairementioning

confidence: 99%

A cybersecurity culture research philosophy and approach to develop a valid and reliable measuring instrument

Veiga

2016

2016 SAI Computing Conference (SAI)

View full text Add to dashboard Cite

Abstract-A cybersecurity culture must be promoted at an international, national, organizational, and individual level to aid in minimizing risks from a human perspective in cyberspace. To promote such a culture it has to be understood and quantified in order to direct change. This research makes use of the disciplines of information technology and industrial psychology to define a cybersecurity culture. A quantitative research methodology, cybersecurity culture research methodology (CSeCRM), is proposed that can be used to measure a cybersecurity culture. The objective of CSeCRM is to ensure that a reliable and valid measuring instrument is used to measure cybersecurity culture. The results derived from using such an instrument can aid in identifying actions to change and direct the cybersecurity culture at, for instance, schools or businesses, at national or international level. The CSeCRM is illustrated by implementing it in an organization where a cybersecurity culture measuring instrument was validated.

show abstract

“…Organization culture has emerged in this literature review as essential elements that influence security culture. Security culture was itself considered as part of the organization culture [10], [15], [19]. Moreover, national culture is known to have cultural beliefs in which have strong influences on Information Technology diffusion [27].…”

Section: Development Of Conceptual Modelmentioning

confidence: 99%

A Conceptual Model to Understand Information Security Culture

Alnatheer¹

2014

IJSSH

View full text Add to dashboard Cite

Abstract-The purpose of the paper is to examine the conceptualization of information security culture in order to develop an information security culture measurement model. In order to do so, a comprehensive literature analysis of current information security culture models and frameworks were examined. The outcome of the comprehensive review is a top constructs candidate that conceptualizes security culture. The current paper found no mutual agreement on what factors conceptualize a security culture. Our contribution is being able to identify a clear gap on the existing literature of a lack of clear conceptualization and distinction between factors that constitute information security culture and factors that influence information security culture. The distinction clearly has not been made by academic literature on the information security culture. The current study assists academic researchers to identify research gaps in the information security culture field, including identifying further empirical research needed in this area.Index Terms-Security culture, factors constitute security culture, factors influence security culture.

show abstract

Tool Supported Management of Information Security Culture

Cited by 21 publications

References 5 publications

A framework and assessment instrument for information security culture

A framework and assessment instrument for information security culture

A cybersecurity culture research philosophy and approach to develop a valid and reliable measuring instrument

A Conceptual Model to Understand Information Security Culture

Contact Info

Product

Resources

About