Information security culture - state-of-the-art review between 2000 and 2013

Purpose – The aim of this paper is to survey existing information security culture research to scrutinise the kind of knowledge that has been developed and the way in which this knowledge has been ...

[1]  Pär J. Ågerfalk Embracing diversity through mixed methods research , 2013, Eur. J. Inf. Syst..

[2]  F. Nelson Ford,et al.  Information security: management's effect on culture and policy , 2006, Inf. Manag. Comput. Secur..

[3]  Ioannis Koskosas,et al.  Cultural and organisational commitment in the context of e-banking , 2012 .

[4]  Atif Ahmad,et al.  Exploring the relationship between organizational culture and information security culture , 2009 .

[5]  Rossouw von Solms,et al.  Information security obedience: a definition , 2005, Comput. Secur..

[6]  Rossouw von Solms,et al.  Towards an Information Security Competence Maturity Model , 2006 .

[7]  Tamara Dinev,et al.  Managing Employee Compliance with Information Security Policies: The Critical Role of Top Management and Organizational Culture , 2012, Decis. Sci..

[8]  M. Douglas,et al.  Risk and Culture: An Essay on the Selection of Technological and Environmental Dangers , 1983 .

[9]  Mikko T. Siponen,et al.  Which Factors Explain Employees' Adherence to Information Security Policies? An Empirical Study , 2007, PACIS.

[10]  Laura Corriss Information security governance: integrating security into the organizational culture , 2010, GTIP '10.

[11]  James Backhouse,et al.  Current directions in IS security research: towards socio‐organizational perspectives , 2001, Inf. Syst. J..

[12]  Johan Van Niekerk,et al.  Combating Information Security Apathy By Encouraging Prosocial Organisational Behaviour , 2011, HAISA.

[13]  Sharman Lichtenstein,et al.  Challenges in fostering an information security culture in Australian small and medium sized enterprises , 2006 .

[14]  Evangelos A. Kiountouzis,et al.  Information Management & Computer Security Formulating information systems risk management strategies through cultural theory , 2016 .

[15]  Sebastiaan H. von Solms,et al.  Information Security - The Third Wave? , 2000, Comput. Secur..

[16]  B. A. Sabbagh,et al.  Developing social metrics for security modeling the security culture of it workers individuals (case study) , 2012, The 5th International Conference on Communications, Computers and Applications (MIC-CCA2012).

[17]  Cynthia Hardy,et al.  Researching Organizational Discourse , 2001 .

[18]  John J. Mauriel,et al.  A Framework for Linking Culture and Improvement Initiatives in Organizations , 2000 .

[19]  K. Cameron,et al.  Organizational Life Cycles and Shifting Criteria of Effectiveness: Some Preliminary Evidence , 1983 .

[20]  A. B. Ruighaver,et al.  Organisational security culture: Extending the end-user perspective , 2007, Comput. Secur..

[21]  Zuraini Ismail,et al.  Security effectiveness in health information system: through improving the human factors by education and training , 2012 .

[22]  G. Burrell,et al.  Sociological Paradigms and Organisational Analysis: Elements of the Sociology of Corporate Life , 2017 .

[23]  Harri Oinas-Kukkonen,et al.  A review of information security issues and respective research contributions , 2007, DATB.

[24]  Ken Stevens,et al.  An Investigation of the Impact of Corporate Culture on Employee Information Systems Security Behaviour , 2009 .

[25]  Ella Kolkowska Value sensitive approach to information system security , 2005 .

[26]  M. Eric Johnson,et al.  Embedding Information Security into the Organization , 2007, IEEE Security & Privacy.

[27]  P. Carayon,et al.  Human errors and violations in computer and information security: the viewpoint of network administrators and security specialists. , 2007, Applied ergonomics.

[28]  Hamid R. Nemati,et al.  A Human Centered Framework for Information Security Management: A Healthcare Perspective , 2009, AMCIS.

[29]  Matthew Warren,et al.  Understanding Transition towards Information Security Culture Change , 2005, AISM.

[30]  Mario Piattini,et al.  Security Culture in Small and Medium-Size Enterprise , 2010, CENTERIS.

[31]  Gurpreet Dhillon,et al.  Value‐focused assessment of information system security in organizations , 2006, Inf. Syst. J..

[32]  Chee-Sing Yap,et al.  Testing an Ethical Decision-Making Theory: The Case of Softlifting , 1998, J. Manag. Inf. Syst..

[33]  Sharman Lichtenstein,et al.  Fostering Information Security Culture in Small and Medium Size Enterprises: An Interpretive Study in Australia , 2007, ECIS.

[34]  S. Woodhouse,et al.  Information Security: End User Behavior and Corporate Culture , 2007, 7th IEEE International Conference on Computer and Information Technology (CIT 2007).

[35]  A. Edmondson,et al.  METHODOLOGICAL FIT IN MANAGEMENT FIELD RESEARCH. , 2007 .

[36]  Matthew Warren,et al.  Developing information security culture in small and medium size enterprises: Australian case studies , 2007 .

[37]  Zoltan J. Acs,et al.  Managerial Economics and Organization , 1995 .

[38]  Omar Zakaria,et al.  Employee Security Perception in Cultivating Information Security Culture , 2004, IICIS.

[39]  Izak Benbasat,et al.  Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security Awareness , 2010, MIS Q..

[40]  J Flower,et al.  In the mush. , 1999, Physician executive.

[41]  Janis Warner Towards Understanding User Behavioral Intentions to Use IT Security: Examining the Impact of IT Security Psychological Climate and Individual Beliefs , 2006, AMCIS.

[42]  Steven Furnell,et al.  IFIP workshop - Information security culture , 2007, Comput. Secur..

[43]  Shirley Gregor,et al.  The Anatomy of a Design Theory , 2007, J. Assoc. Inf. Syst..

[44]  G. C. Homans,et al.  Social Behavior as Exchange , 1958, American Journal of Sociology.

[45]  Nick Gaunt,et al.  Installing an appropriate information security policy , 1998, Int. J. Medical Informatics.

[46]  Dimitris Gritzalis,et al.  Addressing Cultural Dissimilarity in the Information Security Management Outsourcing Relationship , 2007, TrustBus.

[47]  Marc Conrad,et al.  Information Management & Computer Security Democracy , culture and information security : a case study in Zanzibar , 2016 .

[48]  Solange Ghernaouti-Helie An Inclusive Information Society Needs a Global Approach of Information Security , 2009, 2009 International Conference on Availability, Reliability and Security.

[49]  Urs E. Gattiker,et al.  Early warning system for home users and small- and medium-sized enterprises: eight lessons learned , 2008, Int. J. Syst. Syst. Eng..

[50]  Ioannis Koskosas,et al.  Internet banking security in the contexts of goal setting, culture and risk communication , 2008 .

[51]  Johan Van Niekerk,et al.  Assessing information security culture: A critical analysis of current approaches , 2012, 2012 Information Security for South Africa.

[52]  M. Warren,et al.  Enabling Information Security Culture: Influences and Challenges for Australian SMEs , 2010 .

[53]  G. Hofstede,et al.  Cultures and Organizations: Software of the Mind , 1991 .

[54]  C. Welzel,et al.  Modernization, Cultural Change, and Democracy: The Human Development Sequence , 2005 .

[55]  Omar Zakaria Pita Jarupunphol and Abdullah Gani Paradigm Mapping for Information Security Culture Approach , 2003 .

[56]  M. Angela Sasse,et al.  CISOs and organisational culture: Their own worst enemy? , 2013, Comput. Secur..

[57]  Nicholas Gaunt,et al.  Practical approaches to creating a security culture , 2000, Int. J. Medical Informatics.

[58]  Rossouw von Solms,et al.  Information security culture: A management perspective , 2010, Comput. Secur..

[59]  R. Bennett,et al.  Is Your Banker Leaking Your Personal Information? The Roles of Ethics and Individual-Level Cultural Characteristics in Predicting Organizational Computer Abuse , 2013, Journal of Business Ethics.

[60]  E. A. Locke,et al.  Building a practically useful theory of goal setting and task motivation. A 35-year odyssey. , 2002, The American psychologist.

[61]  Dan Jong Kim,et al.  A Path Way to Successful Management of Individual Intention to Security Compliance: A Role of Organizational Security Climate , 2013, 2013 46th Hawaii International Conference on System Sciences.

[62]  J. Malcolmson What is security culture? Does it differ in content from general organisational culture? , 2009, 43rd Annual 2009 International Carnahan Conference on Security Technology.

[63]  Debi Ashenden,et al.  Information Security management: A human challenge? , 2008, Inf. Secur. Tech. Rep..

[64]  Anat Hovav,et al.  Applying an extended model of deterrence across cultures: An investigation of information systems misuse in the U.S. and South Korea , 2012, Inf. Manag..

[65]  Suchinthi Fernando,et al.  Human-related information security problems faced by British companies in economically rising countries , 2011 .

[66]  Omar Zakaria Information Security Culture and Leadership , 2005, ECIW.

[67]  Christine Harbottle,et al.  Managing Transitions: Making the Most of Change , 1991 .

[68]  Rossouw von Solms,et al.  Information Security Service Culture - Information Security for End-users , 2012, J. Univers. Comput. Sci..

[69]  Srinivasan V. Rao,et al.  Information Security Cultures of Four Professions: A Comparative Study , 2008, Proceedings of the 41st Annual Hawaii International Conference on System Sciences (HICSS 2008).

[70]  Steven Furnell,et al.  From culture to disobedience: Recognising the varying user acceptance of IT security , 2009 .

[71]  G. Dhillon Managing information system security , 1997 .

[72]  R. Solms,et al.  Cultivating an organizational information security culture , 2006 .

[73]  Charlie C. Chen,et al.  A cross-cultural investigation of situational information security awareness programs , 2008, Inf. Manag. Comput. Secur..

[74]  Varun Grover,et al.  The evolution of empirical research in IS: A study in IS maturity , 1993, Inf. Manag..

[75]  John Mingers,et al.  The paucity of multimethod research: a review of the information systems literature , 2003, Inf. Syst. J..

[76]  Gurpreet Dhillon,et al.  Variations in Information Security Cultures across Professions: A Qualitative Study , 2013, Commun. Assoc. Inf. Syst..

[77]  Ella Kolkowska,et al.  Security subcultures in an organization - exploring value conflicts , 2011, ECIS.

[78]  Goran Bozic The role of a stress model in the development of information security culture , 2012, 2012 Proceedings of the 35th International Convention MIPRO.

[79]  Åke Grönlund,et al.  e-Gov Research Quality Improvements Since 2003: More Rigor, but Research (Perhaps) Redefined , 2006, EGOV.

[80]  Alan R. Hevner,et al.  Design Science in Information Systems Research , 2004, MIS Q..

[81]  Rossouw von Solms,et al.  Towards information security behavioural compliance , 2004, Comput. Secur..

[82]  Richard Baskerville,et al.  Power and Practice in Information Systems Security Research , 2008, ICIS.

[83]  Mikko T. Siponen,et al.  A Critical Assessment of IS Security Research between 1990-2004 , 2007, ECIS.

[84]  Wan Ab. Kadir Wan Dollah,et al.  Determining factors influencing information security culture among ICT librarians , 2012 .

[85]  I. Nonaka A Dynamic Theory of Organizational Knowledge Creation , 1994 .

[86]  R. Lazarus From psychological stress to the emotions: a history of changing outlooks. , 1993, Annual review of psychology.

[87]  Stig Ole Johnsen,et al.  Measurement and Improvement of Information Security Culture , 2006 .

[88]  Dan Harnesk,et al.  Shaping security behaviour through discipline and agility , 2011 .

[89]  Jeffrey M. Stanton,et al.  Analysis of end user security behaviors , 2005, Comput. Secur..

[90]  Kavoos Mohannak,et al.  Information security culture: A Behaviour Compliance Conceptual Framework , 2010, AISC.

[91]  Sean B. Maynard,et al.  Embedding Information Security Culture Emerging Concerns and Challenges , 2010, PACIS.

[92]  Michael Lang,et al.  Investigation of cultural aspects within information systems security research , 2012, 2012 International Conference for Internet Technology and Secured Transactions.

[93]  Donald Bess Understanding Information Security Culture for Strategic Use: A Case Study , 2009, AMCIS.

[94]  Patricia A. H. Williams In a 'trusting' environment, everyone is responsible for information security , 2008, Inf. Secur. Tech. Rep..

[95]  David Lacey Understanding and transforming organizational security culture , 2010, Inf. Manag. Comput. Secur..

[96]  J. Harrald Agility and Discipline: Critical Success Factors for Disaster Response , 2006 .

[97]  E. Hall The Silent Language , 1959 .

[98]  Denise M. Rousseau,et al.  The construction of climate in organizational research. , 1988 .

[99]  Khaled A. Alshare,et al.  A Conceptual Model for Explaining Violations of the Information Security Policy (ISP): A Cross Cultural Perspective , 2008, AMCIS.

[100]  I. Ajzen The theory of planned behavior , 1991 .

[101]  Solange Ghernaouti-Helie,et al.  A Multi-stage Methodology for Ensuring Appropriate Security Culture and Governance , 2010, 2010 International Conference on Availability, Reliability and Security.

[102]  Jan H. P. Eloff,et al.  A framework and assessment instrument for information security culture , 2010, Comput. Secur..

[103]  A. B. Ruighaver,et al.  Ethical decision making: Improving the quality of acceptable use policies , 2010, Comput. Secur..

[104]  Shuchih Ernest Chang,et al.  Exploring organizational culture for information security management , 2007, Ind. Manag. Data Syst..

[105]  T. Helokunnas,et al.  Information security culture in a value net , 2003, IEMC '03 Proceedings. Managing Technologically Driven Organizations: The Human Side of Innovation and Change.

[106]  Xin Luo,et al.  The Impact of National Culture on Workplace Privacy Expectations in the Context of Information Security Assurance , 2009, AMCIS.

[107]  Qing Hu,et al.  Top Management Championship and Individual Behaviour Towards Information Security: An Integrative Model , 2008, ECIS.

[108]  M. Douglas Risk and Blame , 2018, A Good Position for Birth.