Computer and Information Security Culture: Findings from two Studies

This research outlines some dimensions of computer and information security (CIS) culture. Two exploratory studies were conducted to identify the various dimensions of CIS culture. One study included an industry workgroup consisting of six CIS managers and specialists. The second study consisted of individual interviews with eight CIS managers and eight network administrators. The workgroup, CIS managers, and network administrators provided a preliminary list of elements in CIS culture dimensions, including employee participation, training, hiring practices, reward system, management commitment, and communication and feedback.
