Institutional Repository

Information Security Culture: A Comparative Analysis of Four Assessments

Da Veiga, Adele; Martins, Nico 2014-11-03T15:32:36Z 2014-11-03T15:32:36Z 2014-09-08
dc.identifier.citation Da Veiga, A; Martins N. (2014) Information Security Culture: A Comparative Analysis. 8th European Conference on Information Management and Evaluation (ECIME) Ghent 978‐1‐910309‐41‐4 pp 49-57
dc.identifier.isbn 978‐1‐910309‐41‐4
dc.description.abstract An Information Security Culture Assessment (ISCA) aids in identifying what components an organisation needs to enhance or impede to improve the protection of the organisation's information. The objective of the ISCA, developed in previous research by the authors, is to assess the current information security culture level in organisations using a survey approach. This paper discusses a case study of one of the international financial institutions where the ISCA was conducted four times over a period of eight years, across twelve countries. The research indicated that the information security culture improved from one assessment to the next, with the most positive results obtained in 2013. The Group Information Security Officer concentrated on training as the main improvement action in each country, in line with the recommendations of each assessment. It was found that the results of employees who received prior information security training were significantly more positive than those of employees who did not. The overall information security culture, from a dimensional and biographical perspective, also improved from one assessment to the next. The output of the ISCA can aid management in directing and prioritising information security awareness and training in terms of topics and biographical groups in the organisation. It provides insight into an approach that organisations can consider to address the risk to the protection of information, from an employee perspective. The trends identified in the case study also aid in understanding how an adequate information security culture can be inculcated in an organisation. en
dc.language.iso en en
dc.subject information security culture en
dc.subject training en
dc.subject awareness en
dc.subject benchmark en
dc.subject assessment en
dc.subject behaviour en
dc.title Information Security Culture: A Comparative Analysis of Four Assessments en
dc.type Article en
dc.description.department Computing en
