Organisational culture, procedural countermeasures, and employee security behaviour

Connolly, Lena Yuryna; Lang, Michael; Gathegi, John N.; Tygar, Doug

doi:10.1108/ics-03-2017-0013

Cited by 44 publications

(19 citation statements)

References 45 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Moreover, this view lacks reliability due to the lack of consensus on the shared cultural values for the assessment of information security culture. This view has an added value of fruitfulness as it contributes to the development of research that is based on national cultures [24] such as crosscultural studies [52] and those based on organizational culture [10,47]. The action-based view.…”

Section: Discussionmentioning

confidence: 99%

“…This ISC is developed, learned and changes with time with the aim to protect information assets and preserve confidentiality, integrity, and availability of information and information systems resources so as meet to the core organization vision" [38] but they emphasized on a set of shared values in the organization. For instance, Connolly et al [10] investigated the impact of organizational values such as people-orientation, solidarity, sociability, task orientation and flat [31] on individual security behaviors. Tang, Li, & Zhan [47] defined information security culture by using values-based dimensions such as accountability, communication, compliance and governance.…”

Section: 1mentioning

confidence: 99%

“…This complexity of culture has also impacted the theoretical clarity and conceptualization of information security culture in the literature. Depending on the culture theory used, researchers in information security culture focus their understanding of information security culture on actions (behaviors) [38,49], and shared organizational values [7,10,11]. Other researchers categorize information security culture as a part of or as a subculture of organizational culture [42].…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Critical Analysis of Information Security Culture Definitions

Ruhwanya

Ophoff

2020

IFIP Advances in Information and Communication Technology

View full text Add to dashboard Cite

This article aims to advance the understanding of information security culture through a critical reflection on the wide-ranging definitions of information security culture in the literature. It uses the hermeneutic approach for conducting literature reviews. The review identifies 16 definitions of information security culture in the literature. Based on the analysis of these definitions, four different views of culture are distinguished. The shared values view highlights the set of cultural value patterns that are shared across the organization. An action-based view highlights the behaviors of individuals in the organization. A mental model view relates to the abstract view of the individual's thinking on how information security culture must work. Finally, a problem-solving view emphasizes a combination of understanding from shared value-based and actionbased views. The paper analyzes and presents the limitations of these four views of information security culture definitions.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: 1mentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Critical Analysis of Information Security Culture Definitions

Ruhwanya

Ophoff

2020

IFIP Advances in Information and Communication Technology

View full text Add to dashboard Cite

show abstract

“…The articles listed in this subcategory focuses on the habitual practice of doing things by the organizations and its individuals. The way things are done around here is the common theme found in the articles about organizational culture [48,52]. The way things are done around here to protect organizational information assets is the common theme to describe information security culture [48,53,54].…”

Section: Classificationmentioning

confidence: 99%

A Descriptive Review and Classification of Organizational Information Security Awareness Research

Hutchinson

Ophoff

2020

Information and Cyber Security

View full text Add to dashboard Cite

Information security awareness (ISA) is a vital component of information security in organizations. The purpose of this research is to descriptively review and classify the current body of knowledge on ISA. A sample of 59 peerreviewed academic journal articles, which were published over the last decade from 2008 to 2018, were analyzed. Articles were classified using coding techniques from the grounded theory literature-review method. The results show that ISA research is evolving with behavioral research studies still being explored. Quantitative empirical research is the dominant methodology and the top three theories used are general deterrence theory, theory of planned behavior, and protection motivation theory. Future research could focus on qualitative approaches to provide greater depth of ISA understanding.

show abstract

“…Prior studies have found that security policies and security education can reduce the level of information systems misuse (Connolly, Lang, Gathegi, & Tygar, 2017;Hovav & D 'Arcy, 2012) but the mere existence alone of security policies without proper governance is ineffective (Da Veiga & Eloff, 2007;Shaaban & Conrad, 2013). In their proposed research agenda for information security, Crossler et al (2013) suggest that "it is likely those who are in high-power distance cultures are more readily willing to comply with detailed policy requirements, whereas those from low-power distance cultures are likely to pick-and-choose which policies they feel they should obey."…”

Section: Power Distancementioning

confidence: 99%

Information Security Behavior: A Cross-Cultural Comparison of Irish and US Employees

Connolly

Lang

Wall

2019

Information Systems Management

Self Cite

View full text Add to dashboard Cite

This study explores how aspects of perceived national culture affect the information security attitudes and b ehavior of employees. Data was collected using 19 semi-structured interviews in Ireland and the United States of America (US). The main findings are that US employees in the ob served organizations are more inclined to adopt formalized information security policies and procedures than Irish employees, and are also more likely to have higher levels of compliance and lower levels of non-compliance.

show abstract

Organisational culture, procedural countermeasures, and employee security behaviour

Cited by 44 publications

References 45 publications

Critical Analysis of Information Security Culture Definitions

Critical Analysis of Information Security Culture Definitions

A Descriptive Review and Classification of Organizational Information Security Awareness Research

Information Security Behavior: A Cross-Cultural Comparison of Irish and US Employees

Contact Info

Product

Resources

About