From information security to cyber security cultures

Currently, all Internet and ICT users need basic levels of cyber security awareness and knowledge to perform their daily activities securely. Many security specialists and, indeed, nations are acknowledging the need for populaces to be aware of and educated about being more cyber secure. To achieve cyber security in current populations and to ensure continuity in future populaces, a "self-renewing" belief which affects behavior is needed. In an organizational context, this need is met through the fostering of an information security culture (ISC). Similarly, in a societal context, a cyber security culture (CSC) ought to be fostered. This raises the question of what precisely would constitute a CSC and how it differs from an ISC. The objective of this paper is to propose ways in which a CSC may be defined and viewed in comparison to an ISC.
