Developing a cyber security culture: Current practices and future needs

Uchendu, Betsy; Nurse, Jason R. C.; Bada, Maria; Furnell, Steven

doi:10.1016/j.cose.2021.102387

Cited by 93 publications

(51 citation statements)

References 56 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Cybersecurity culture is a related concept that has recently emerged as relevant to consider. It has been described as a sub-culture of organisational culture, involving values and attitudes that drive cybersecurity behaviours within the organisation (Huang and Pearlson, 2019;Uchendu et al, 2021). In the literature, the terms of information security culture and cybersecurity culture are often used interchangeably, and a recent review of cybersecurity found few studies that considered any differences between the two (Uchendu et al, 2021).…”

Section: Value Conflicts and Information Securitymentioning

confidence: 99%

“…It has been described as a sub-culture of organisational culture, involving values and attitudes that drive cybersecurity behaviours within the organisation (Huang and Pearlson, 2019;Uchendu et al, 2021). In the literature, the terms of information security culture and cybersecurity culture are often used interchangeably, and a recent review of cybersecurity found few studies that considered any differences between the two (Uchendu et al, 2021). The same review explored factors important for creating and maintaining a cybersecurity culture and found that top management support and clear policies and procedures were important.…”

Section: Value Conflicts and Information Securitymentioning

confidence: 99%

See 1 more Smart Citation

Value conflicts and information security – a mixed-methods study in high-risk industry

Gyllensten

Pousette

Törner

2021

ICS

View full text Add to dashboard Cite

Purpose The purpose of this study is to investigate the influence of work-related value conflicts on information security in two organisations in nuclear power production and related industry. Design/methodology/approach A mixed-methods design was applied. Individual interviews were conducted with 24 employees of two organisations in Sweden and questionnaire data on information security climate were collected from 667 employees (62%) in the same two organisations. Findings The qualitative part of the study identified five different types of value conflicts influencing information security behaviour. The quantitative part of the study found that value conflicts relating to information security had a negative relationship with rule-compliant behaviour. The opposite was found for participative security behaviour where there was a positive relationship with value conflicts. A high climate of information security was positively related to both rule-compliant and participative information security behaviour. It also moderated the effect of value conflicts on compliant information security behaviour. Originality/value This paper highlights organisational contextual conditions that influence employees’ motivation and ability to manage value conflicts relating to information security in a high-risk industry. It also enables a better understanding of the influence of the information security climate on information security in the presence of value conflicts in this type of industry.

show abstract

Section: Value Conflicts and Information Securitymentioning

confidence: 99%

Section: Value Conflicts and Information Securitymentioning

confidence: 99%

Value conflicts and information security – a mixed-methods study in high-risk industry

Gyllensten

Pousette

Törner

2021

ICS

View full text Add to dashboard Cite

show abstract

“…There are two reasons why we decided to exclude papers published before 2010. First, we wanted to focus on more recent research (the past decade), which is a common practice for SLRs [89,182]. Our results showed that relevant research was indeed more done in the past several years (see Figure 2).…”

Section: Systematic Literature Review (Slr)mentioning

confidence: 95%

A Survey of User Perspectives on Security and Privacy in a Home Networking Environment

Nandita

Nurse

2023

ACM Comput. Surv.

Self Cite

View full text Add to dashboard Cite

The security and privacy of smart home systems, particularly from a home user’s perspective, have been a very active research area in recent years. However, via a meta-review of 52 review papers covering related topics (published between 2000 and 2021), this paper shows a lack of a more recent literature review on user perspectives of smart home security and privacy since the 2010s. This identified gap motivated us to conduct a systematic literature review (SLR) covering 126 relevant research papers published from 2010 to 2021. Our SLR led to the discovery of a number of important areas where further research is needed; these include holistic methods that consider a more diverse and heterogeneous range of home devices, interactions between multiple home users, complicated data flow between multiple home devices and home users, some less-studied demographic factors, and advanced conceptual frameworks. Based on these findings, we recommended key future research directions, e.g., research for a better understanding of security and privacy aspects in different multi-device and multi-user contexts, and a more comprehensive ontology on the security and privacy of the smart home covering varying types of home devices and behaviors of different types of home users.

show abstract

“…Cybersecurity culture is one aspect of organisational culture (Marotta and Pearlson, 2019), but a very important aspect especially in the context of this study. For example, Uchendu et al (2021) states that the Culture Domain has been heavily studied in the past decade in research and practice as organisations seek to combat increased cyberattacks that focus on exploiting human factors. It is important to recognise that organisations in certain verticals are known to be more regulated in certain respects than others, and hence may require more stringent compliance and enforcement cybersecurity culture.…”

Section: Figure 2: Cross-domain Situational Awarenessmentioning

confidence: 99%

Multidimensional Cybersecurity Framework for Strategic Foresight

Onwubiko¹,

Ouazzane²

2022

IJCSA

View full text Add to dashboard Cite

Cybersecurity is now at the forefront of most organisations’ digital transformative agendas and National economic, social and political programmes. Hence its impact to society can no longer be seen to be one dimensional. The rise in National cybersecurity laws and regulations is a good indicator of its perceived importance to nations. And the recent awakening for social and ethical transparency in society and coupled with sustainability issues demonstrate the need for a paradigm shift in how cybersecurity discourses can now happen. In response to this shift, a multidimensional cybersecurity framework for strategic foresight underpinned on situational awareness is proposed. The conceptual cybersecurity framework comprising six domains – Physical, Cultural, Economic, Social, Political and Cyber – is discussed. The guiding principles underpinning the framework are outlined, followed by in-depth reflection on the Business, Operational, Technological and Human (BOTH) factors and their implications for strategic foresight for cybersecurity.

show abstract

Developing a cyber security culture: Current practices and future needs

Abstract: The version in the Kent Academic Repository may differ from the final published version. Users are advised to check http://kar.kent.ac.uk for the status of the paper. Users should always cite the published version of record.

Cited by 93 publications

References 56 publications

Value conflicts and information security – a mixed-methods study in high-risk industry

Value conflicts and information security – a mixed-methods study in high-risk industry

A Survey of User Perspectives on Security and Privacy in a Home Networking Environment

Multidimensional Cybersecurity Framework for Strategic Foresight

Contact Info

Product

Resources

About