Institutional Repository

Information security culture and information protection culture: A validated assessment instrument

Show simple item record

dc.contributor.author Da Veiga, Adele
dc.contributor.author Martins, Nico
dc.date.accessioned 2020-10-30T07:52:52Z
dc.date.available 2020-10-30T07:52:52Z
dc.date.issued 2015
dc.identifier.citation Adéle da Veiga, Nico Martins, Information security culture and information protection culture: A validated assessment instrument, Computer Law & Security Review, 31, 2015, Pages 243-256 en
dc.identifier.issn 0267-3649
dc.identifier.uri http://hdl.handle.net/10500/26785
dc.description.abstract A strong information protection culture is required in organisations where the confidentiality, sensitivity and privacy of information are understood and handled accordingly. This is necessary to reduce the risk of human behaviour to the protection of information as well as to uphold privacy requirements from a regulatory perspective. This research explores the concept of an information security culture and how information privacy can be incorporated to define an information protection culture. Next, the researchers explain information attributes relating to information security and information privacy to derive information attributes that can be considered when referring to an information protection culture. The information attributes are used to evaluate an existing information security culture assessment instrument that can potentially be used to assess an information protection culture. The research reveals that the information security culture assessment (ISCA) instrument can be used, but that it can be further improved by incorporating additional privacy concepts. An information protection culture assessment (IPCA) is conducted as part of a case study in an organisation. This allowed for a factor and reliability analysis to validate the IPCA. The analysis indicated that the IPCA is valid and reliable when grouping the items into the newly identified factors, but can further be enhanced by aligning it to information privacy attributes. en
dc.language.iso en en
dc.publisher Elsevier en
dc.subject information security en
dc.subject information security culture en
dc.subject information protection culture en
dc.subject privacy en
dc.subject personal information en
dc.subject assessment en
dc.subject behaviour en
dc.subject human en
dc.subject questionnaire en
dc.title Information security culture and information protection culture: A validated assessment instrument en
dc.type Article en
dc.description.department College of Engineering, Science and Technology en


Files in this item

This item appears in the following Collection(s)

Show simple item record

Search UnisaIR


Browse

My Account

Statistics