论文信息 - A Comprehensive Framework for Understanding Security Culture in Organizations

A Comprehensive Framework for Understanding Security Culture in Organizations

Organizational security is exposed to internal and external threats, with a greater level of vulnerabilities coming from the former. Drawing upon findings from prior works as a foundation, this study aims to highlight the significant factors that influence the security culture within organizations. Phase one of the study reports upon an interview-based investigation undertaken with thirteen experienced, knowledgeable security specialists from seven organizations. The main findings confirmed the importance of the identified factors from the previous work. The focus to emerge from the interviews concludes that continuously subjecting employees to targeted training and awareness development improves security culture. Indeed, there was a clear lack of awareness and compliance regarding the implementation and clarity of security policies in organizations. Also, the inefficient training program and limit to specific employees in organizations leads to a lack of awareness and compliance.

Maria Papadaki | Steven Furnell | Alaa Tolah

[1] Taizan Chan,et al. Understanding And Measuring Information Security Culture , 2012, PACIS.

[2] J. Doug Tygar,et al. Organisational culture, procedural countermeasures, and employee security behaviour: A qualitative study , 2017, Inf. Comput. Secur..

[3] Adéle da Veiga,et al. The Influence of Information Security Policies on Information Security Culture: Illustrated through a Case Study , 2015, HAISA.

[4] Nico Martins,et al. An Information Security Culture Model Validated with Structural Equation Modelling , 2015, HAISA.

[5] Maria Papadaki,et al. A comperhansive framework for cultivating and assessing Information Security Culture , 2017, HAISA.

[6] Stephanie Teufel,et al. Information security culture - from analysis to change , 2003, South Afr. Comput. J..

[7] Jan H. P. Eloff,et al. A framework and assessment instrument for information security culture , 2010, Comput. Secur..

[8] Malcolm Robert Pattinson,et al. Individual differences and Information Security Awareness , 2017, Comput. Hum. Behav..

[9] Waldemar Karwowski,et al. Human Factors in Information Security Culture: A Literature Review , 2017, AHFE.

[10] Adéle Martins,et al. Assessing Information Security Culture , 2002, ISSA.

[11] Malcolm Robert Pattinson,et al. The Human Aspects of Information Security Questionnaire (HAIS-Q): Two further validation studies , 2017, Comput. Secur..