Information security culture: A Behaviour Compliance Conceptual Framework
Paper/Presentation Title | Information security culture: A Behaviour Compliance Conceptual Framework |
---|---|
Presentation Type | Paper |
Authors | Alfawaz, Salahuddin (Author), Nelson, Karen (Author) and Mohannak, Kavoos (Author) |
Journal or Proceedings Title | Proceedings of the 8th Australasian Information Security Conference (AISC 2010) |
ERA Conference ID | 60222 |
Journal Citation | 105, pp. 47 - 55 |
Number of Pages | 9 |
Year | 2010 |
Place of Publication | Brisbane, Australia |
ISBN | 9781920682866 |
Digital Object Identifier (DOI) | https://doi.org/10.5555/1862266.1862275 |
Web Address (URL) of Paper | https://dl.acm.org/doi/10.5555/1862266.1862275 |
Conference/Event | 8th Australasian Information Security Conference (AISC 2010) |
Conferences in Research and Practice in Information Technology (CRPIT) | |
Event Details | 8th Australasian Information Security Conference (AISC 2010); Event Date: 19 to end of 20 Jan 2010; Event Location: Brisbane, Australia |
Event Details | Conferences in Research and Practice in Information Technology (CRPIT) |
Abstract | Understanding the complex, dynamic and uncertain characteristics of organisational employees who perform authorised or unauthorised information security activities is deemed to be a very important and challenging task. This paper presents a conceptual framework for classifying and organising the characteristics of organisational subjects involved in these information security practices. Our framework expands the traditional Human Behaviour and the Social Environment perspectives used in social work by identifying how knowledge, skills and individual preferences work to influence individual and group practices with respect to information security management. The classification of concepts and characteristics in the framework arises from a review of recent literature and is underpinned by theoretical models that explain these concepts and characteristics. Further, based upon an exploratory study of three case organisations in Saudi Arabia involving extensive interviews with senior managers, department managers, IT managers, information security officers, and IT staff, this article describes observed information security practices and identifies several factors which appear to be particularly important in influencing information security behaviour. These factors include values associated with national and organisational culture and how they manifest in practice, and activities related to information security management. |
Keywords | information security management; conceptual framework; information security culture; information security behaviour and compliance |
ANZSRC Field of Research 2020 | 390303. Higher education |
Public Notes | File reproduced in accordance with the copyright policy of the publisher/author. |
Byline Affiliations | Queensland University of Technology |
Institution of Origin | University of Southern Queensland |
https://research.usq.edu.au/item/q74w0/information-security-culture-a-behaviour-compliance-conceptual-framework