Understanding Information Security Culture: A Conceptual Framework
نویسندگان
چکیده
The importance of establishing an information security culture in an organization has become a well established idea. The aim of such a culture is to address the various human factors that can affect an organization’s overall information security efforts. However, understanding both the various elements of an information security culture, as well as the relationships between these elements, can still be problematic. Schein’s definition of a corporate culture is often used to aid understanding of an information security culture. This paper briefly introduces Schein’s model. It then incorporates the important role knowledge plays in information security into this definition. Finally, a conceptual framework to aid understanding of the interactions between the various elements of such a culture, is presented. This framework is explained by means of illustrative examples, and it is suggested that this conceptual framework can be a useful aid to understanding information security culture.
منابع مشابه
The Conceptual Framework of Individual and Social Security Provision in Residential Complexes Based on Iranian-Islamic Foundations
Security as one of the basic human needs has a special place in relaxation, comfort and spiritual needs provision. For this reason, security is always of managers, planners, architects and urban designers' interest. Solutions and strategies of security provision have been fundamentally changed following prevailing change of housing architecture patterns from homes to residential complexes and h...
متن کاملUnderstanding Challenges of Information Security Culture: A Methodological Issue
Although, many organisations have implemented technical solutions to protect information resources from adverse events, internal security breaches continue to occur. Therefore an approach that emphasises an information security culture within the organisation is required to make security a part of employees’ daily work routines. In order to develop a successful information security culture with...
متن کاملInformation security culture: A Behaviour Compliance Conceptual Framework
Understanding the complex dynamic and uncertain characteristics of organisational employees who perform authorised or unauthorised information security activities is deemed to be a very important and challenging task. This paper presents a conceptual framework for classifying and organising the characteristics of organisational subjects involved in these information security practices. Our fram...
متن کاملInformation Security Subcultures of Professional Groups in Organizations: A Conceptual Framework Abstract
The need for a strong security culture in organizations has been emphasized by many researchers. Cultures in some organizations are known to be differentiated, i.e., there may be variations in cultures across professional groups within a single organization. The (sub)culture of a professional group in an organization is influenced by many factors. In the current article, we propose a theory-bas...
متن کاملInformation security management: A case study of an information security culture
This thesis argues that in order to establish a sound information security culture it is necessary to look at organisation’s information security systems in a sociotechnical context. The motivation for this research stems from the continuing concern of ineffective information security in organisations, leading to potentially significant monetary losses. It is important to address both technical...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2006