Understanding and measuring information security culture
Paper
Paper/Presentation Title | Understanding and measuring information security culture |
---|---|
Presentation Type | Paper |
Authors | Alnatheer, Mohammed (Author), Chan, Taizan (Author) and Nelson, Karen (Author) |
Editors | Pan, S. L. and Cao, T. H. |
Journal or Proceedings Title | Proceedings of the 16th Pacific Asia Conference on Information Systems (PACIS 2012) |
ERA Conference ID | 43961 |
Year | 2012 |
Web Address (URL) of Paper | http://aisel.aisnet.org/pacis2012/144 |
Conference/Event | 16th Pacific Asia Conference on Information Systems (PACIS 2012) |
Event Details | Pacific Asia Conference on Information Systems (PACIS); PACIS Rank: A A A A A A A |
Event Details | 16th Pacific Asia Conference on Information Systems (PACIS 2012); Event Date: 11 to end of 15 Jul 2012; Event Location: Ho Chi Minh City, China |
Abstract | The purpose of the current paper was to develop a measurement of information security culture. Our literature analysis indicated a lack of clear conceptualization and distinction between factors that constitute information security culture and factors that influence information security culture. A sequential mixed method consisting of a qualitative phase to explore the conceptualisation of information security culture, and a quantitative phase to validate the model is adopted for this research. Eight interviews with information security experts in eight different Saudi organisations were conducted, revealing that security culture can be constituted as a reflection of security awareness and security ownership. Additionally, the qualitative interviews have revealed that factors that influence security culture are top management involvement, policy enforcement, and training. These factors were confirmed and formed the basis for our initial information security culture model, which was operationalised and tested in different Saudi Arabian organisations. Using data from two hundred and fifty-four valid responses, we demonstrated the validity and reliability of the information security culture model. We were further able to demonstrate the validity of the model in a nomological net, as well as provide some preliminary findings on the factors that influence information security culture. |
Keywords | Factors constitute security culture; Factors influence security culture; Security culture |
ANZSRC Field of Research 2020 | 390303. Higher education |
Public Notes | File reproduced in accordance with the copyright policy of the publisher/author. |
Byline Affiliations | Queensland University of Technology |
Institution of Origin | University of Southern Queensland |
https://research.usq.edu.au/item/q74v5/understanding-and-measuring-information-security-culture