Understanding Challenges of Information Security Culture: A Methodological Issue

Although many organisations have implemented technical solutions to protect information resources from adverse events, internal security breaches continue to occur. Therefore, an approach that emphasises an information security culture within the organisation is required to make security a part of employees’ daily work routines. In order to develop a successful information security culture within an organisation, it is necessary to understand both the technical and non-technical aspects of information security. Thus, this paper aims to investigate and discuss the conceptual and methodological issues pertaining to the challenges in information security culture. MAMPU (Malaysian Administrative Modernisation and Management Planning Unit) was chosen as the subject of analysis and serves as the specific in-depth case study for the investigation. In terms of epistemological approach, the interpretivism paradigm has been adopted as the main strategy of inquiry. For data collection, this research used a questionnaire survey, semi-structured interviews, reviews of information security documents and observations. A conceptual framework based on Schein’s (1992) model of organisational culture was also established to guide the data collection techniques. This paper is essentially an attempt to provide an academic overview of, and to justify, the conceptual and methodological decisions in each of the procedures outlined above.

[1] Rudy Hirschheim, et al. Four paradigms of information systems development, 1989, CACM.

[2] Catherine C. Marshall, et al. Designing Qualitative Research, 1996.

[3] R. Stake. The art of case study research, 1995.

[4] Michael D. Myers, et al. A set of principles for conducting and evaluating interpretive field studies in information systems, 1999.

[5] James Backhouse, et al. Understanding Information: An Introduction, 1990.

[6] M. D. Myers, et al. Qualitative Research in Information Systems: A Reader, 2002.

[7] M. Patton. Qualitative evaluation and research methods, 2nd ed., 1990.

[8] D. Buchanan, et al. Organizational Behaviour: an Introductory Text, 1972.

[9] Wanda J. Orlikowski, et al. Studying Information Technology in Organizations: Research Approaches and Assumptions, 1991, Inf. Syst. Res.

[10] E. Schein. Organizational Culture and Leadership, 1991.

[11] Matthew B. Miles, et al. Qualitative Data Analysis: An Expanded Sourcebook, 1994.

[12] D. Morgan, et al. Sociological Paradigms and Organizational Analysis, 1983.

[13] Liisa von Hellens, et al. Qualitative Research in Information Systems, 2007, Australas. J. Inf. Syst.

[14] M. Denscombe. The Good Research Guide: for small-scale social research projects, 1998.

[15] Michael D. Myers, et al. A Set of Principles for Conducting and Evaluating Interpretive Field Studies in Information Systems, 1999, MIS Q.

[16] R. Yin. Case Study Research: Design and Methods, 1984.

[17] M. Patton, et al. Qualitative evaluation and research methods, 1992.