For What Technology Can’t Fix: Building a Model of Organizational Cybersecurity Culture

Huang, Keman; Pearlson, Keri

doi:10.24251/hicss.2019.769

Cited by 36 publications

(26 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…[5] A consciously developed culture of data protection can increase cyberresiliency. [3] In environments that function on trust and collective responsibility, peer monitoring reduces ISP violation intention. [14]…”

Section: Individualitymentioning

confidence: 99%

See 1 more Smart Citation

What Triggers Violation of Information Security Policies

Dhawan¹

2022

IJCATR

View full text Add to dashboard Cite

This paper offers a framework for information security professionals to evaluate ISP and understand policy non-adherence. It explores the different types of non-adhering behaviors and the motivations behind them. It goes on to share information about the environmental/organizational climates in which non-compliant behaviors are more or less likely to occur and briefly touches on when users are more likely to commit them. Finally, it suggests a user review process as a critical part of information security policy design and implementation.

show abstract

Section: Individualitymentioning

confidence: 99%

“…Building awareness and a culture of trust around information security improve the chances that ISP will be implemented consistently. [3] Costly data breaches could be mitigated, decreased, or avoided altogether.…”

Section: Introductionmentioning

confidence: 99%

What Triggers Violation of Information Security Policies

Dhawan¹

2022

IJCATR

View full text Add to dashboard Cite

show abstract

“…Sharing this view, we perceive that providing managers with the adequate tool to operate is the way forward. Also, studies on the social impact on information security address the influence of external systems in their culture models [19] demonstrating the need for the multiscale visibility our solution provides. Finally, formalizing human involvement in applying security processes as well as supporting diversity of security approaches through genericity are essential.…”

Section: Related Work and Problematicmentioning

confidence: 99%

An Operational Responsibility and Task Monitoring Method: A Data Breach Case Study

Assoul¹,

Rabii²,

Roudiès³

2021

Adv. sci. technol. eng. syst. j.

View full text Add to dashboard Cite

As a result of digitalization, services become highly dependent on information systems thus increasing the criticality of security management. However, with system complexity and the involvement of more human resources, it becomes more arduous to monitor and track tasks and responsibilities. This creates a lack of visibility hindering decision making. To support operational monitoring, we propose a method composed of i) a core of security concepts from International Standard Organization (ISO) standards ii) a graphical modeling language iii) a guiding process and iv) a tool that provides verification through formal Object Constraint Language (OCL) queries. Applying this method to the case of the Capital One data breach showcases incident prevention through task supervision. The resulting work product is a formal comprehensive map of assets, actors, tasks and responsibilities. The SysML formalism allows different actors to extract information from the map using OCL queries. This allows for regular task and responsibility verification thus closing any window of attack possible.

show abstract

“…Finally, a set of policies, procedures, guidelines and standards is of little use if they are not used and implemented by employees. In this respect, the establishment of a cybersecurity culture can make a decisive contribution to increasing cyber resilience and steering employee behavior in the right direction (Huang and Pearlson, 2019).…”

Section: Organizational Aspects Of Cybersecuritymentioning

confidence: 99%

Organizational aspects of cybersecurity in German family firms – Do opportunities or risks predominate?

Ulrich

Timmermann

Frank

2021

OCJ

View full text Add to dashboard Cite

PurposeThe starting point for the considerations the authors make in this paper are the special features of family businesses in the area of management discussed in the literature. It has been established here that family businesses sometimes choose different organizational setups than nonfamily businesses. This has not yet been investigated for cybersecurity. In the context of cybersecurity, there has been little theoretical or empirical work addressing the question of whether the qualitative characteristics of family businesses have an impact on the understanding of cybersecurity and the organization of cyber risk defense in the companies. Based on theoretically founded hypotheses, a quantitative empirical study was conducted in German companies.Design/methodology/approachThe article is based on a quantitative-empirical survey of 184 companies, the results of which were analyzed using statistical-empirical methods.FindingsThe article asked – based on the subjective perception of cybersecurity and cyber risks – to what extent family businesses are sensitized to the topic and what conclusions they draw from it. An interesting tension emerges: family businesses see their employees more as a security risk, but do less than nonfamily businesses in terms of both training and organizational establishment. Whether this is due to a lack of technical or managerial expertise, or whether family businesses simply think they can prevent cybersecurity with less formal methods such as trust, is open to conjecture, but cannot be demonstrated with the research approach taken here. Qualitative follow-up studies are needed here.Originality/valueThis paper represents the first quantitative survey on cybersecurity with a specific focus on family businesses. It shows tension between awareness, especially of risks emanating from employees, and organizational routines that have not been implemented or established.

show abstract

For What Technology Can’t Fix: Building a Model of Organizational Cybersecurity Culture

Cited by 36 publications

References 8 publications

What Triggers Violation of Information Security Policies

What Triggers Violation of Information Security Policies

An Operational Responsibility and Task Monitoring Method: A Data Breach Case Study

Organizational aspects of cybersecurity in German family firms – Do opportunities or risks predominate?

Contact Info

Product

Resources

About