Institutional Repository

Defining and identifying dominant information security cultures and subcultures

Show simple item record

dc.contributor.author Da Veiga, Adele
dc.contributor.author Martins, Nico
dc.date.accessioned 2017-09-13T10:58:07Z
dc.date.available 2017-09-13T10:58:07Z
dc.date.issued 2017-05-12
dc.identifier.issn 0167-4048
dc.identifier.uri http://hdl.handle.net/10500/23160
dc.description.abstract consider the possibility of several information security subcultures that could be present in the organisation. This means that different geographical, ethnic or age groups of employees could have different assumptions, values and beliefs about the protection of information, resulting in unique information security subcultures. This research sets out to understand how dominant information security cultures and subcultures develop and how they can be influenced positively over time through targeted interventions. In support of this, a summary of the intrinsic and extrinsic factors that influence information security culture is presented. An empirical case study was conducted using a survey approach with a validated information security culture questionnaire to illustrate how to identify dominant information security cultures and subcultures. The survey was conducted at four intervals in the same organisation over a number of years to identify potential information security subcultures and to monitor the change, if targeted interventions for each are implemented. Using t-tests and ANOVA tests, a number of information security subcultures were identified, mostly evident across the organisation’s office locations (which are separated geographically), as well as between employees that worked in the IT division compared to those who did not.The data indicate that the dominant information security culture and subcultures improved over time to a more positive information security culture after the implementation of targeted interventions. This illustrates how the identification and targeting of information security subcultures with customised interventions can influence the information security culture positively. By using information security interventions, organisations can target their high risk subcultures and monitor the change over time through continuous assessment, thereby minimising the risk to information protection from a human perspective. en
dc.language.iso en en
dc.publisher Computers & Security (Elsevier Journal) en
dc.relation.ispartofseries 2017;70
dc.subject Information security culture, sub culture, dominant culture, influence, assess, change, quantitative research en
dc.title Defining and identifying dominant information security cultures and subcultures en
dc.type Article en
dc.description.department College of Engineering, Science and Technology en


Files in this item

This item appears in the following Collection(s)

Show simple item record

Search UnisaIR


Browse

My Account

Statistics