Comparing the information security culture of employees who had read the information security policy and those who had not-Reference-Cited by-同舟云学术

Comparing the information security culture of employees who had read the information security policy and those who had not

Published:2016-06-13 Issue:2 Volume:24 Page:139-151
ISSN:2056-4961
Container-title:Information & Computer Security
language:en
Short-container-title:ICS

Author:

Da Veiga Adéle

Abstract

Purpose This study aims, firstly, to determine what influence the information security policy has on the information security culture by comparing the culture of employees who read the policy to those who do not, and, secondly, whether a stronger information security culture is embedded over time if more employees have read the information security policy. Design/methodology/approach An empirical study is conducted at four intervals over eight years across 12 countries using a validated information security culture assessment (ISCA) questionnaire. Findings The overall information security culture average scores as well as individual statements for all four survey assessments were significantly more positive for employees who had read the information security policy compared with employees who had not. The overall information security culture also improved from one assessment to the next. Research limitations/implications The information security culture should be measured and benchmarked over time to monitor change and identify and prioritise actions to improve the information security culture. If employees read the information security policy, it has a positive influence on the information security culture of an organisation. Practical implications Organisations should ensure that employees have read the information security policy to aid in minimising the human risk, related errors and incidents and, ultimately, to instil a stronger information security culture with a higher level of compliant behaviour. Originality/value This research confirms theoretical research indicating that the information security policy could influence the information security culture positively. It provides novel and statistical evidence illustrating that if employees read the information security policy, they have a stronger information security culture and that the culture can be improved through targeted interventions using an ISCA.

Publisher

Emerald

Subject

Management of Technology and Innovation,Information Systems and Management,Computer Networks and Communications,Information Systems,Software,Management Information Systems

Reference39 articles.

1. Improving information security behaviour in the healthcare context;Procedia Technology,2013

2. Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness;MIS Q,2010

3. Information security culture: a comparative analysis of four assessments,2014

Cited by 49 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Assessing information security culture: A mixed-methods approach to navigating challenges in international corporate IT departments;Computers & Security;2024-09

2. Perceptions and dilemmas around cyber-security in a Spanish research center after a cyber-attack;International Journal of Information Security;2024-04-04

3. Cyberloafing deterrence in the public sector of Ghana;THE ELECTRONIC JOURNAL OF INFORMATION SYSTEMS IN DEVELOPING COUNTRIES;2024-01-24

4. Exploring the critical success factors of information security management: a mixed-method approach;Information & Computer Security;2024-01-23

5. An Investigation of the Factors That Influence Information Security Culture in Government Organizations in Bhutan;Journal of Global Information Technology Management;2024-01-02