Access the full text.
Sign up today, get DeepDyve free for 14 days.
J. Brocke, Alexander Simons, K. Riemer, Björn Niehaves, Ralf Plattfaut, A. Cleven (2015)
Standing on the Shoulders of Giants: Challenges and Recommendations of Literature Search in Information Systems ResearchCommun. Assoc. Inf. Syst., 37
Management Information Systems Quarterly, 34
E. Steen (2003)
On the Origin of Shared Beliefs (and Corporate Culture) Preliminary
Burcu Bulgurcu, H. Cavusoglu, I. Benbasat (2010)
Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security AwarenessMIS Q., 34
A. Veiga, J. Eloff (2010)
A framework and assessment instrument for information security cultureComput. Secur., 29
(2015)
Information security breaches survey: executive summary
A. Veiga, N. Martins, J. Eloff (2007)
Information security culture - validation of an assessment instrument
A. Singh, M. Gupta, Amitabh Ojha (2014)
Identifying factors of "organizational information security management"J. Enterp. Inf. Manag., 27
G. Dhillon, G. Torkzadeh (2006)
Value‐focused assessment of information system security in organizationsInformation Systems Journal, 16
K. Thomson, R. Solms, L. Louw (2006)
Cultivating an organizational information security cultureComputer Fraud & Security, 2006
Thomas Peltier (2005)
Implementing an Information Security Awareness ProgramInformation Systems Security, 14
A. Alhogail (2015)
Design and validation of information security culture frameworkComput. Hum. Behav., 49
A. Alhogail, A. Mirza (2014)
Information security culture: A definition and a literature review2014 World Congress on Computer Applications and Information Systems (WCCAIS)
J. Niekerk, R. Solms (2010)
Information security culture: A management perspectiveComput. Secur., 29
A. Veiga, N. Martins (2015)
Information security culture and information protection culture: A validated assessment instrumentComput. Law Secur. Rev., 31
B. Schneider, A. Brief, Richard Guzzo (1996)
Creating a climate and culture for sustainable organizational changeOrganizational Dynamics, 24
S. Chang, Chin-Shien Lin (2007)
Exploring organizational culture for information security managementInd. Manag. Data Syst., 107
(2003)
On the origin and evolution of corporate culture, research and development
The purpose of this paper is to report on a study that investigated the information security culture in organisations in South Africa, with the aim of identifying key aspects of the culture. The unique aspects for building an information security culture were examined and presented in the form of an initial framework. These efforts are necessary to address the critical human aspect of information security in organisations where risky cyber behaviour is still experienced.Design/methodology/approachLiterature was investigated with the focus on the main keywords security culture and information security. The information security culture aspects of different studies were compared and analysed to identify key elements of information security culture after which an initial framework was constructed. An online survey was then conducted in which respondents were asked to assess the importance of the elements and to record possible missing elements/aspects regarding their organisation’s information security culture to construct an enhanced framework.FindingsA list of 21 unique security culture elements was identified from the literature. These elements/aspects were divided into three groups based on the frequency each was mentioned or discussed in studies. The number of times an element was found was interpreted as an indication of how important that element/aspect is. A further four aspects were added to the enhanced framework based on the results that emerged from the survey.Originality/valueThe value of this research is that an initial framework of information security culture aspects was constructed that can be used to ensure that an organisation incorporates all key aspects in its own information security culture. This framework was further enhanced from the results of the survey. The framework can also assist further studies related to the information security culture in organisations for improved security awareness and safer cyber behaviour of employees.
Information and Computer Security – Emerald Publishing
Published: May 28, 2019
Keywords: Organizations; Information security culture; Information security awareness and training; Key elements; Security culture
Read and print from thousands of top scholarly journals.
Already have an account? Log in
Bookmark this article. You can see your Bookmarks on your DeepDyve Library.
To save an article, log in first, or sign up for a DeepDyve account if you don’t already have one.
Copy and paste the desired citation format or use the link below to download a file formatted for EndNote
Access the full text.
Sign up today, get DeepDyve free for 14 days.
All DeepDyve websites use cookies to improve your online experience. They were placed on your computer when you launched this website. You can change your cookie settings through your browser.