Institutional Repository

An approach to information security culture change combining ADKAR and the ISCA questionnaire to aid transition to the desired culture

dc.contributor.author Da Veiga, Adele
dc.date.accessioned 2018-12-03T07:01:42Z
dc.date.available 2018-12-03T07:01:42Z
dc.date.issued 2018
dc.identifier.issn 2056-4961
dc.identifier.uri http://hdl.handle.net/10500/25100
dc.description.abstract Purpose: Employee behaviour is a continuous concern owing to the number of information security incidents resulting from employee behaviour. The aim of this research is to propose an approach to information security culture change management that integrates existing change management approaches, such as the ADKAR model of Prosci, and the Information Security Culture Assessment (ISCA) diagnostic instrument (questionnaire), to aid in addressing the risk of employee behaviour that could compromise information security.
Design/methodology/approach: The Information Security Culture Change Management (ISCCM) approach is constructed based on literature and the inclusion of the ISCA diagnostic instrument. The ISCA diagnostic instrument statements are also presented in this paper. The ISCCM approach using ISCA is illustrated using data from an empirical study.
Findings: The ISCCM approach was found to be useful in defining change management interventions for organisations using the data of the ISCA survey. Employees’ perception and acceptance of change to ensure information security and the effectiveness of the information security training initiatives improved significantly from the as-is survey to the follow-up survey.
Research limitations/implications: The research illustrates the ISCCM approach and shows how it should be combined with the ISCA diagnostic instrument. Future research will focus on including a qualitative assessment of information security culture to complement the empirical data.
Practical implications: Organisations do not have to rely on or adapt organisational development approaches to change their information security culture – they can use the proposed ISCCM approach, which has been customised from information security and change management approaches, together with the presented ISCA questionnaire, to address information security culture change purposefully.
Originality/value: The proposed ISCCM approach can be applied to complement existing information security management approaches through a holistic and structured approach that combines the ADKAR model, Prosci’s approach of change management and the ISCA diagnostic instrument. It will enable organisations to focus on transitioning to a positive or desired information security culture that mitigates the risk of the human element in the protection of information. en
dc.language.iso en en
dc.relation.ispartofseries 26;5
dc.subject Information security culture en
dc.subject ISCA en
dc.subject ADKAR en
dc.subject change management en
dc.subject transformation en
dc.subject questionnaire en
dc.subject human en
dc.title An approach to information security culture change combining ADKAR and the ISCA questionnaire to aid transition to the desired culture en
dc.type Article en
dc.description.department School of Computing en

