Abstract: In this paper, we present a management process we have developed for an Information Security Culture. It is based theoretically on action research and practically on expert interviews and group discussions. A Decision Support System, which supports the process, allows quick survey of the existing Information Security Culture in an organization and analysis of the results, thus discovering strong and weak points. This tool recommends, based on stored measures and rules, actions to improve the weak poi…
“…further used the organisational culture levels of Schein to compile a framework to better understand information security culture. Schlienger and Teufel (2005), Vroom and Von Solms (2004) and Zakaria and Gani (2003) also linked information security culture to the organisational culture model of Schein (1985). Dhillon (1997) related ‘security culture’ to the behaviour of employees in an organisation that could contribute to the protection of information.…”
Section: Current Research (mentioning)
confidence: 92%
“…Quantitative research methods such as conducting surveys and the validation of frameworks and questionnaires have been deployed with great success in the information security discipline (Schlienger and Teufel, 2005; Straub et al, 2004; Straub, 1990; Workman et al, in press; Siponen et al, 2007; Woon et al, 2005). A survey is a method that organisations can use to study information security behavioural content in general, and attitude and opinions (Berry and Houston, 1993) of employees towards information security in particular.…”
Abstract: A cybersecurity culture must be promoted at an international, national, organizational, and individual level to aid in minimizing risks from a human perspective in cyberspace. To promote such a culture it has to be understood and quantified in order to direct change. This research makes use of the disciplines of information technology and industrial psychology to define a cybersecurity culture. A quantitative research methodology, cybersecurity culture research methodology (CSeCRM), is proposed that can be used to measure a cybersecurity culture. The objective of CSeCRM is to ensure that a reliable and valid measuring instrument is used to measure cybersecurity culture. The results derived from using such an instrument can aid in identifying actions to change and direct the cybersecurity culture at, for instance, schools or businesses, at national or international level. The CSeCRM is illustrated by implementing it in an organization where a cybersecurity culture measuring instrument was validated.
“…Organization culture has emerged in this literature review as essential elements that influence security culture. Security culture was itself considered as part of the organization culture [10], [15], [19]. Moreover, national culture is known to have cultural beliefs in which have strong influences on Information Technology diffusion [27].…”
Section: Development Of Conceptual Model (mentioning)
Abstract: The purpose of the paper is to examine the conceptualization of information security culture in order to develop an information security culture measurement model. In order to do so, a comprehensive literature analysis of current information security culture models and frameworks were examined. The outcome of the comprehensive review is a top constructs candidate that conceptualizes security culture. The current paper found no mutual agreement on what factors conceptualize a security culture. Our contribution is being able to identify a clear gap on the existing literature of a lack of clear conceptualization and distinction between factors that constitute information security culture and factors that influence information security culture. The distinction clearly has not been made by academic literature on the information security culture. The current study assists academic researchers to identify research gaps in the information security culture field, including identifying further empirical research needed in this area.
Index Terms: Security culture, factors constitute security culture, factors influence security culture.