One of the most prevalent problems with regard to protecting information assets is the behaviour of employees. Moreover, the behaviour of employees is, to a large extent, determined by the corporate culture of an organisation. Senior management, as part of its corporate governance responsibilities, must define a vision for information security in its organisation. An ideal corporate culture, in terms of information security, would be one where the de facto behaviour of employees is to satisfactorily protect information assets. This paper will expand Schein’s corporate culture model into two dimensions, detailing both management and employee’s behaviour in terms of information security and the three levels of corporate culture. A diagram detailing the Driving and Restraining Forces involved in the process of culture change will be detailed and the paper will conclude by investigating the Force Field Analysis process.
[1]
N. J. V. Rensburg.
Human Habits of Highly Effective Organisations
,
2001
.
[2]
Robert B. Pojasek,et al.
To Change the Culture, You Must First Master the Force
,
2001
.
[3]
E. Schein.
The Corporate Culture Survival Guide
,
1999
.
[4]
M. Barclay,et al.
Transforming company culture
,
1996
.
[5]
Lee Roy Beach,et al.
Making the Right Decision: Organizational Culture, Vision, and Planning
,
1992
.
[6]
Kerry-Lynn Thomson,et al.
Integrating information security into corporate culture
,
2003
.