Information technology has become an integral part of modern life. Today, the use of information permeates every aspect of both business and private life. Most organizations need information systems to survive and prosper and thus need to be serious about protecting their information assets. Many of the processes needed to protect these information assets depend, to a large extent, on cooperative human behavior. Employees, whether intentionally or through negligence, often due to a lack of knowledge, are the greatest threat to information security. It has become widely accepted that establishing an organizational sub-culture of information security is key to managing the human factors involved in information security. This paper briefly examines the generic concept of corporate culture and then borrows from the management and economic sciences to present a conceptual model of information security culture. The presented model incorporates the concept of elasticity from the economic sciences in order to show how various variables in an information security culture influence each other. The purpose of the presented model is to facilitate conceptual thinking and argumentation about information security culture.