Understanding and transforming organizational security culture

Lacey, David

doi:10.1108/09685221011035223

Cited by 55 publications

(57 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…This finding should bring the focus of organizations towards effectively shaping their employees" attitudes and preventing inappropriate behaviors against IS security policy. As such, security awareness programs [107][108][109] form one of the many approaches available for organizations to influence their employees" attitudinal belief, which in essence influences attitude.…”

Section: Resultsmentioning

confidence: 99%

Dysfunctional information system behaviors are not all created the same: Challenges to the generalizability of security-based research

Djajadikerta

Roni

Trireksani

2015

Information & Management

View full text Add to dashboard Cite

Please cite this article as: H.G. Djajadikerta, S. Mat Roni, T. Trireksani, Dysfunctional information system behaviors are not all created the same: Challenges to the generalizability of security-based research, Information and Management (2015), http://dx.doi.org/10.1016/j.im. 2015.07.008 This is a PDF file of an unedited manuscript that has been accepted for publication. As a service to our customers we are providing this early version of the manuscript. The manuscript will undergo copyediting, typesetting, and review of the resulting proof before it is published in its final form. Please note that during the production process errors may be discovered which could affect the content, and all legal disclaimers that apply to the journal pertain.

show abstract

Section: Resultsmentioning

confidence: 99%

Dysfunctional information system behaviors are not all created the same: Challenges to the generalizability of security-based research

Djajadikerta

Roni

Trireksani

2015

Information & Management

View full text Add to dashboard Cite

show abstract

“…Examples of human error include forgetting to change passwords, not logging off before leaving a workstation, or careless discarding of sensitive information (Warkentin & Willison, 2009). Case studies, scenario planning, and crisis exercises are used to create awareness, and are an effective means of changing organizational security culture (Hagen, Albrechtsen, & Hovden, 2008;Lacey, 2010). According to Johnson (2006), benefits from awareness programs mitigate overall security risks, increase reliability and correctness of information, and result in early detection of potential security incidents.…”

Section: Trainingmentioning

confidence: 99%

Human resource information systems: Information security concerns for organizations

Zafar

2013

Human Resource Management Review

View full text Add to dashboard Cite

“…The technology is often expensive or difficult to manage, and quickly becomes outdated, but the most critical aspect could be the people we often leave behind from the equation when pursuing methods to manage our sensitive information. Yet, managing sensitive information cannot be completed through a focus on only policies, processes, and technology, but also requires a change in employee awareness, attitude, and behavior (Lacey, 2010). …”

Section: Literature Reviewmentioning

confidence: 98%

“…When sensitive information is breached, we need to stop and think before reacting, as often "the best performers make the most serious and glaring mistakes because they work harder, faster and are more empowered. The logical response to a major breach is to investigate what went wrong, rather than who is to blame" (Lacey, 2010). Thus, a holistic approach in the implementation of an information security program is often recommended.…”

Section: Literature Reviewmentioning

confidence: 99%

Managing professional and personal sensitive information

Rakers

2010

Proceedings of the 38th Annual ACM SIGUCCS Fall Conference: Navigation and Discovery

View full text Add to dashboard Cite

All organizations have to manage sensitive information related to their business operations. Unfortunately, universities have the added challenge of not only managing administrative and academic sensitive information, but often times the personal sensitive information of students and employees. This study reflects on the current best practices in managing sensitive information and discusses how Youngstown State University implements controls for sensitive information.According to the United States Federal Trade Commission, not only is managing sensitive information a good practice, but most industries are mandated by local and state regulations, as well as federal statutes such as the Gramm-Leach-Bliley Act (GLBA), Family Educational Rights and Privacy Act (FERPA), and the Federal Trade Commission Act.Universities like many commercial organizations which handle credit card transactions must comply with the Payment Card Industry's Data Security Standard. With the unique requirements of each regulation, it is often difficult to address each adequately.This study provides a framework for approaching the management of professional and personal sensitive information given the unique requirements faced by higher education.

show abstract

Understanding and transforming organizational security culture

Cited by 55 publications

References 1 publication

Dysfunctional information system behaviors are not all created the same: Challenges to the generalizability of security-based research

Dysfunctional information system behaviors are not all created the same: Challenges to the generalizability of security-based research

Human resource information systems: Information security concerns for organizations

Managing professional and personal sensitive information

Contact Info

Product

Resources

About