论文信息 - Information Security Culture: The Socio-Cultural Dimension in Information Security Management

Information Security Culture: The Socio-Cultural Dimension in Information Security Management

: The information security management mostly disregards the human dimension. The main focus is on technical and procedural measures. The user is seen as a security enemy, not as a security asset. In our paper we identify some problems, that emerge from this sight and we propose a paradigm shift from a technical approach to a socio-cultural one, from "the user is my enemy" to "the user is my security asset" approach. We explain the concept of corporate culture and show exemplary on the example of the security culture, how the cultural theory can help to increase the overall security of an organization.

Stephanie Teufel | Thomas Schlienger | T. Schlienger | S. Teufel

[1] Martin P. Loeb,et al. CSI/FBI Computer Crime and Security Survey , 2004 .

[2] Sebastiaan H. von Solms,et al. Information Security - The Third Wave? , 2000, Comput. Secur..

[3] Steven Furnell,et al. Authentication and Supervision: A Survey of User Attitudes , 2000, Comput. Secur..

[4] Alina M. Chircu,et al. Trust, Expertise, and E-Commerce Intermediary Adoption , 2000 .

[5] M. Angela Sasse,et al. Users are not the enemy , 1999, CACM.

[6] Judy E. Scott,et al. Goal congruence, trust, and organizational culture: strengthening knowledge links , 1997, ICIS '97.

[7] A. Baier. Trust and Antitrust , 1986, Ethics.

[8] E. Schein. Organizational Culture and Leadership: A Dynamic View , 1985 .