Towards information security behavioural compliance
Auditing has always played an important role in the business environment. With the introduction of information technology and the resulting security challenges that organizations face daily, it has become essential to ensure the security of the organization's information and other valuable assets. However, one aspect that auditing does not cover effectively is the behaviour of the employee, which is crucial to any organization's security. The objective of this paper is to explore the potential problems in attempting to audit employee behaviour. It will be demonstrated that auditing human behaviour is extremely difficult, so an alternative to behavioural auditing needs to be found: one in which policing the employee is not necessary and a softer, more informal approach is used instead to change the culture to a more information security conscious one.