Information security culture - validation of an assessment instrument
Loading...
Authors
Da Veiga, Adele
Eloff, J.H.P
Martins, Nico
Issue Date
2007-04
Type
Article
Language
en
Keywords
Information security culture – validation of an assessment instrument
Alternative Title
Abstract
Organisations need to ensure that the interaction among people, as well as between people and information technology (IT) systems, contributes to the protection of information assets. Organisations therefore need to assess their employees' behaviour and attitudes towards the protection of information assets in order to establish whether employee behaviour is an asset or a threat to the protection of information. One approach that organisations could use is to assess whether an acceptable level of information security culture has been inculcated in the organisation and, if not, take corrective action. The aim of this paper is to validate an information security culture assessment instrument. This is achieved by performing a factor and reliability analysis on the data from an information security culture assessment in a financial organisation. The results of the analysis are used to identify areas for improving the information security culture assessment instrument. The study makes a contribution to the existing body of knowledge concerned with the assessment of information security culture and its value for management to ensure the protection of information assets.
Description
Citation
Da Veiga, A., Martins, N. & Eloff, J.H.P (2007). Information security culture – validation of an assessment instrument. Southern African Business Review, 11(1), 147-166
Publisher
License
Journal
Volume
Issue
PubMed ID
DOI
ISSN
1561896X