论文信息 - Awareness, behaviour and culture: The ABC in cultivating security compliance

Awareness, behaviour and culture: The ABC in cultivating security compliance

A significant volume of security breaches occur as a result of human aspects and it is consequently important for these to be given attention alongside technical aspects. Researchers have argued that security culture stimulates appropriate employees' behavior towards adherence. Therefore, work within organizations should be guided by a culture of security, with the purpose of protecting the organization's assets and affecting individual's behaviors towards better security behavior. Although security aware individuals can play an important role in protecting organizational assets, the way in which individuals behave with security controls that are implemented is crucial in protecting such assets. Should the behavior of individuals not be security compliant, it could have an impact on an organization's productivity and confidentiality of data. In this paper, key literature relating to security culture in the period of 1999-2014 is reviewed. The objective is to examine the role of security awareness, behavior, and how they can play an important role in changing the existing culture to a security culture. Some relevant security culture tools have been introduced. An overall framework to understand how security awareness and behavior can play an important role in changing an existing culture to a security culture has been developed.

[1] Rossouw von Solms,et al. Information security culture: A management perspective , 2010, Comput. Secur..

[2] R. Solms,et al. Cultivating an organizational information security culture , 2006 .

[3] S. Flowerday,et al. Ignorance to Awareness: Towards an Information Security Awareness Process , 2013 .

[4] Alex Fagerström,et al. Creating, Maintaining and Managing an Information Security Culture. , 2013 .

[5] Steven J. Ross. Creating a Culture of Security , 2011 .

[6] Jan H. P. Eloff,et al. A framework and assessment instrument for information security culture , 2010, Comput. Secur..

[7] Pamela Briggs,et al. Using behavioural insights to improve the public’s use of cyber security best practices , 2014 .

[8] Johan Van Niekerk,et al. Combating Information Security Apathy By Encouraging Prosocial Organisational Behaviour , 2011, HAISA.

[9] Bilal Khan,et al. Effectiveness of information security awareness methods based on psychological theories , 2011 .

[10] Technological Educational,et al. Information Security: Corporate Culture and Organizational Commitment , 2011 .

[11] Rossouw von Solms,et al. Towards information security behavioural compliance , 2004, Comput. Secur..

[12] Yves Lafrance. Psychology: A precious security tool , 2004 .

[13] Ayako Komatsu,et al. Who Sometimes Violates the Rule of the Organizations? An Empirical Study on Information Security Behaviors and Awareness , 2012, WEIS.