Affiliation:
1. University of South Africa, South Africa
Abstract
A security culture can be a competitive advantage when employees uphold strong values for the protection of information and exhibit behavior that is in compliance with policies, thereby introducing minimal incidents and breaches. The security culture in an organization might not, however, be similar across departments, job levels, or even generation groups. It can pose a risk when it is not conducive to the protection of information and when security incidents and breaches occur due to employee error or negligence. This chapter aims to give organizations an overview of the concept of security culture, the factors that could influence it, and an approach to assess the security culture and to prioritize and tailor interventions for high-risk areas. The outcome of the security culture assessment can be used as input to define security awareness, training, and education programs that aid employees in exhibiting behavior that complies with security policies.