Publication details

A Conceptual Model for Cultivating an Information Security Culture
Sherif E, Furnell SM
International Journal for Information Security Research (IJISR), Volume 5, Issue 2, pp565-573, 2015

In terms of information security, work within organisations should be guided by a culture of security, with the purpose of protecting the organisation's assets and affecting individuals' behaviours towards better security behaviour. The way in which individuals behave with security controls that are implemented to protect an organisation's assets is crucial in protecting such assets. Should the behaviour of individuals not be security compliant, it could have an impact on an organisation's productivity and confidentiality of data. In this paper, key literature relating to security culture in the period of 1999 to 2014 is reviewed. The purpose is to identify frameworks and factors that have been postulated to cultivate a culture of security within organisations in order to develop a tool that assists organisations in cultivating such a culture. Our contribution is being able to develop a conceptual model that can assist organisations in cultivating a security culture. The proposed model, which comprises three sub-models of creating, maintaining and improving a security culture, has been developed based on the outcome of the literature analysis, which identified senior management support, security behaviour, compliance, and awareness as crucial factors, along with other variables that have an impact on the continuous process improvement of such a culture.