2015
DOI: 10.1016/j.cose.2014.12.006

Improving the information security culture through monitoring and implementation actions illustrated through a case study

Abstract: The human aspect, together with technology and process controls, needs to be considered as part of an information security programme. Current and former employees are still regarded as one of the root causes of information security incidents. One way of addressing the human aspect is to embed an information security culture where the interaction of employees with information assets contributes to the protection of these assets. In other words, it is critical to improve the information security culture in organ…

Cited by 96 publications
(73 citation statements)
References 35 publications
“…An IS culture has been defined by various researchers [3,19,20,44,66]. It relates to the way things are done in the organisation to protect information [20], which is visible in artefacts (e.g. posters on online training), collective values, norms and knowledge (e.g.…”
Section: Background To Information Security Culture (mentioning)
confidence: 99%
“…There are numerous studies indicating which factors influence IS culture with the objective of transforming the culture [4,18,20,28,29,46,50,62,67,69,75,80]. These factors include aspects such as management, awareness, training, policies, compliance and national culture.…”
Section: Introduction (mentioning)
confidence: 99%
“…A clear picture of unpleasant consequences that can befall the organization should be communicated; for example, attention may be drawn to what can happen if a hacker is able to gain access to organizations' IS resources due to the direct activity of an employee who visits a compromised website using a work computer. The final step is to monitor such behaviors in the organization. The proposed instrument may have a role in all these steps.…”
Section: Discussion (mentioning)
confidence: 99%
“…Albrechtsen and Hovden (2007) claim that traditionally, the field of information security has been preoccupied by the first three stages. However, during the last decade it entered the fourth stage by an increased attention to individual awareness and behavior (Stanton et al, 2005; Möller et al, 2011; Shropshire et al, 2015) as well as the concept of information security culture (Ruighaver et al, 2007; van Niekerk and von Solms, 2010; da Veiga, 2015). In order for information security to reach the fifth step, we claim that there is a need to investigate adaptive management strategies.…”
Section: Introduction (mentioning)
confidence: 99%