Understanding and transforming organizational security culture

Information Management & Computer Security, Emerald Publishing

Information Management & Computer Security, Volume 18 (1): 10 – Mar 23, 2010

Publisher: Emerald Publishing

Copyright: Copyright © 2010 Emerald Group Publishing Limited. All rights reserved.

ISSN: 0968-5227

DOI: 10.1108/09685221011035223

Abstract

Purpose – The purpose of this paper is to examine the practical issues, techniques and learning points associated with information security awareness and organizational change programmes.

Design/methodology/approach – The paper is based on the findings and conclusions of research, observations and projects carried out in large organizations over the last two decades. It highlights failings and critical success factors in contemporary approaches to transform organizational culture. It draws on theory and research from the industrial safety field, and discusses its relevance in the information security field.

Findings – The paper identifies the primary reasons why many contemporary enterprise security awareness programmes are ineffective. It discusses the nature of the problem and solution space, identifying the practical issues and opportunities, and gives recommendations on how future programmes can be improved.

Research limitations/implications – The paper identifies gaps in current research, including the need to confirm whether or not certain findings about incidents in the safety field might be applicable to security incidents. It calls for a new approach to information security management that incorporates theory and techniques drawn from psychology and marketing.

Practical implications – The paper is intended to educate students and researchers working in the information security field on issues and techniques associated with information security awareness and organizational change programmes. It also provides practical advice for business organizations on how to design and implement such programmes.

Originality/value – The paper takes a fresh approach to the subject, examining the relevance of theory and techniques adapted from other fields and drawing new conclusions about the requirements and approach for effective information security awareness and organizational change programmes.

Published: Mar 23, 2010

Keywords: Data security; Risk management; Organizational change
