In 2014, we launched our open-access repository which offers full text access to conference proceedings from many of our events including the INC and HAISA series. These papers are free to access and distribute (subject to citing the source).
Ninth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2015)
Title: An Information Security Culture Model Validated with Structural Equation Modelling
Author(s): Nico Martins, Adele Da Veiga
Keywords: Information security culture, theoretical model, empirical model, policies, awareness, management, compliance
Abstract: Information security culture must be considered as part of the information security programme to direct employee behaviour. Such a culture can contribute to the protection of information and minimise the risk that employee behaviour poses. This paper proposes a theoretical model, i.e. an information security culture model (ISCM) with four mechanisms (i.e. management, policies, awareness and compliance) that potentially influence information security culture positively. ISCM is based on the information security culture assessment (ISCA) questionnaire dimensions that are correlated with the theoretical mechanisms (dimensions). The theoretical model is validated through structural equation modelling (SEM) using empirical data derived from an ISCA assessment. This research produces a sound theoretical information security culture model, which is supported by the empirical study and further confirms the research hypothesis that management, policies, awareness and compliance contribute to an information security-positive culture as represented by the validated model.
Download count: 1458
How to get this paper:
PDF copy of this paper is free to download. You may distribute this copy providing you cite this page as the source.