Institutional Repository

Defining and identifying dominant information security cultures and subcultures

Show simple item record Da Veiga, Adele Martins, Nico 2017-09-13T10:58:07Z 2017-09-13T10:58:07Z 2017-05-12
dc.identifier.issn 0167-4048
dc.description Please follow the doi link at the top of this record to view the online published version of this article.
dc.description.abstract consider the possibility of several information security subcultures that could be present in the organisation. This means that different geographical, ethnic or age groups of employees could have different assumptions, values and beliefs about the protection of information, resulting in unique information security subcultures. This research sets out to understand how dominant information security cultures and subcultures develop and how they can be influenced positively over time through targeted interventions. In support of this, a summary of the intrinsic and extrinsic factors that influence information security culture is presented. An empirical case study was conducted using a survey approach with a validated information security culture questionnaire to illustrate how to identify dominant information security cultures and subcultures. The survey was conducted at four intervals in the same organisation over a number of years to identify potential information security subcultures and to monitor the change, if targeted interventions for each are implemented. Using t-tests and ANOVA tests, a number of information security subcultures were identified, mostly evident across the organisation’s office locations (which are separated geographically), as well as between employees that worked in the IT division compared to those who did not.The data indicate that the dominant information security culture and subcultures improved over time to a more positive information security culture after the implementation of targeted interventions. This illustrates how the identification and targeting of information security subcultures with customised interventions can influence the information security culture positively. By using information security interventions, organisations can target their high risk subcultures and monitor the change over time through continuous assessment, thereby minimising the risk to information protection from a human perspective. en
dc.language.iso en en
dc.publisher Computers & Security (Elsevier Journal) en
dc.relation.ispartofseries 2017;70
dc.rights © 2017 Elsevier Ltd. All rights reserved
dc.rights.uri E-mail address: (A. da Veiga). 0167-4048/© 2017 Elsevier Ltd. All rights reserved.
dc.subject Information security culture, sub culture, dominant culture, influence, assess, change, quantitative research en
dc.title Defining and identifying dominant information security cultures and subcultures en
dc.type Article en
dc.description.department College of Engineering, Science and Technology en

Files in this item

This item appears in the following Collection(s)

Show simple item record

Search UnisaIR


My Account