A cybersecurity culture research philosophy and approach to develop a valid and reliable measuring instrument

Veiga, Adéle Da

doi:10.1109/sai.2016.7556102

Cited by 31 publications

(24 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, though cybersecurity culture has a profound impact on risk, it can be difficult to identify, build, and quantify [6], [7]. Examining other kinds of organizational culture provides a foundation for a model of cybersecurity culture.…”

Section: Introductionmentioning

confidence: 99%

For What Technology Can’t Fix: Building a Model of Organizational Cybersecurity Culture

Huang¹,

Pearlson²

2019

Proceedings of the Annual Hawaii International Conference on System Sciences

View full text Add to dashboard Cite

Organizational cybersecurity requires more than just the latest technology. To secure an organization, all members of the organization must act to reduce risk. Leaders have a special responsibility to understand, shape and align the beliefs, values, and attitudes of the entire organization with overall security goals. Managers need practical solutions for dealing with the human side of cybersecurity. The model presented in this paper describes organizational cybersecurity culture, the factors that contribute to its creation, and how it can be measured. A case study of a "culture of data protection" created by leaders at financial services firm Liberty Mutual illustrates these factors to help managers understand and apply recommendations to create a more mature cyber security culture in their organization.

show abstract

Section: Introductionmentioning

confidence: 99%

For What Technology Can’t Fix: Building a Model of Organizational Cybersecurity Culture

Huang¹,

Pearlson²

2019

Proceedings of the Annual Hawaii International Conference on System Sciences

View full text Add to dashboard Cite

show abstract

Section: Introductionmentioning

confidence: 99%

“…Cyber threats include identity theft [2] and unauthorised access to an organisational network [3]. Denial of Service (DoS) attacks, malicious insiders, web-based attacks [4], human error [3], phishing emails and inadequate security monitoring [5] are also documented threats. There are some reasons which contribute to the success of these attacks, for example, preventative equipment failures [6], lack of technical awareness [7], unauthorised access [3] and malicious employees [4].…”

Section: Introductionmentioning

confidence: 99%

“…Denial of Service (DoS) attacks, malicious insiders, web-based attacks [4], human error [3], phishing emails and inadequate security monitoring [5] are also documented threats. There are some reasons which contribute to the success of these attacks, for example, preventative equipment failures [6], lack of technical awareness [7], unauthorised access [3] and malicious employees [4]. Some basic security controls such as encryption, anti-virus software, firewalls and intrusion detection systems (IDS) suggested by Sen, Ahmed and Islam [8] could be used to prevent cyber-attacks.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Cybersecurity Readiness of E-tail Organisations: A Technical Perspective

Shah

Muhammad²,

Ameen³

2020

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Cybersecurity readiness is a challenging issue for online retail businesses which are losing billions of dollars due to cyber-crimes and a lack of readiness to manage these. Therefore, research into cybersecurity readiness in the online retail industry is needed. Technical tools are the foremost measures of defence against these attacks. This study investigates cybersecurity readiness from the technical perspective in some UK online retailers. This research adopted a qualitative case study approach with semi-structured interviews for collecting data. A total of 15 interviews were conducted with an online retail company's staff and management who had responsibility for managing cybersecurity. A thematic analysis method was used to analyse the qualitative data. The research findings show that the company is facing internal and external threats to their information systems and their technical defences are not very effective at present. The company should consider investing more resources in the technical controls to prevent these attacks.

show abstract

“…While the role of cultivating a culture in pursuing cybersecurity is wellappreciated, research focusing intensely on defining and measuring cybersecurity culture is still in its infancy [7]. Furthermore, studies conducted by Reid and van Niekerk [8], [9] revealed that there are no widely accepted key concepts that delimit a cybersecurity culture.…”

Section: Introductionmentioning

confidence: 99%

Cybersecurity Culture: An Ill-Defined Problem

Gcaza

Solms

2017

IFIP Advances in Information and Communication Technology

View full text Add to dashboard Cite

Cybersecurity necessitates the development of a solution that encourages acceptable user behaviour in the reality of cyberspace. Nowadays, users are considered to be the weakest link in the security chaindue to their insecure behaviour and their lack of awareness. However, even users who possess more cybersecurity awareness are reported to behave no differently from those who lack any form of cybersecurity awareness. Therefore, cultivating a cybersecurity culture is regarded as the best approach for addressing the human factors that weaken the cybersecurity chain. Research focusing on defining and measuring the cybersecurity culture is considered to be lacking. Additionally, there is an apparent lack of widely accepted key concepts that further delimits the culture. Both these assertions suggest that cybersecurity culture is an illdefined problem. Therefore, this paper will attempt to confirm that cybersecurity culture is an ill-defined problem by means of content analysis. Classifying cybersecurity culture as an ill-defined problem can guide future researchers in what problem-solving processes to employ when addressing the problem of cybersecurity culture.

show abstract

A cybersecurity culture research philosophy and approach to develop a valid and reliable measuring instrument

Cited by 31 publications

References 14 publications

For What Technology Can’t Fix: Building a Model of Organizational Cybersecurity Culture

For What Technology Can’t Fix: Building a Model of Organizational Cybersecurity Culture

Cybersecurity Readiness of E-tail Organisations: A Technical Perspective

Cybersecurity Culture: An Ill-Defined Problem

Contact Info

Product

Resources

About