In 2014, we launched our open-access repository which offers full text access to conference proceedings from many of our events including the INC and HAISA series. These papers are free to access and distribute (subject to citing the source).
Eleventh International Symposium on Human Aspects of Information Security & Assurance (HAISA 2017)
Title: A comperhansive framework for cultivating and assessing Information Security Culture
Author(s): Alaa Tolah, Steven Furnell, Maria Papadaki
Keywords: Information Security Culture (ISC), Insider threat, Human factor
Abstract: The efficiency of different technical security controls is based on people who interact with the information daily. An understanding of human behavioural aspects is required in order to improve the security of information assets. One of the measures that can be used as a way to reduce risks posed by a human is by establishing an information security culture that aims to protect information by guiding organisations on how to protect assets, as well as exerting an influence upon the employee’s behaviour regarding the security. Previous analyses have concluded that an understanding of the information security culture and its measurements are still lacking. Specifically, more research needs to provide a comprehensive view that guides and integrates the important factors that shape, or have an impact on, the information security culture. Furthermore, there are efficient factors that were widely investigated in the organisational behaviour literature and can motivate employee behaviour toward the information security. These factors have not been deeply considered in the information security culture field. In this paper, a comprehensive literature analysis relating to the information security culture is conducted. This study proposes an initial information security culture framework by considering the identified human factors that can be used to measure the level of the information security culture and assist researchers and practitioners to understand the complexity and challenges of the information security culture.
Download count: 1224
How to get this paper:
PDF copy of this paper is free to download. You may distribute this copy providing you cite this page as the source.