Information security culture and information protection culture: A validated assessment instrument

Authors

Da Veiga, Adele
Martins, Nico

Issue Date

2015

Type

Article

Language

en

Keywords

information security, information security culture, information protection culture, privacy, personal information, assessment, behaviour, human, questionnaire

Abstract

A strong information protection culture is required in organisations where the confidentiality, sensitivity and privacy of information are understood and handled accordingly. This is necessary to reduce the risk of human behaviour to the protection of information as well as to uphold privacy requirements from a regulatory perspective. This research explores the concept of an information security culture and how information privacy can be incorporated to define an information protection culture. Next, the researchers explain information attributes relating to information security and information privacy to derive information attributes that can be considered when referring to an information protection culture. The information attributes are used to evaluate an existing information security culture assessment instrument that can potentially be used to assess an information protection culture. The research reveals that the information security culture assessment (ISCA) instrument can be used, but that it can be further improved by incorporating additional privacy concepts. An information protection culture assessment (IPCA) is conducted as part of a case study in an organisation. This allowed for a factor and reliability analysis to validate the IPCA. The analysis indicated that the IPCA is valid and reliable when grouping the items into the newly identified factors, but can further be enhanced by aligning it to information privacy attributes.

Citation

Adéle da Veiga, Nico Martins, Information security culture and information protection culture: A validated assessment instrument, Computer Law & Security Review, 31, 2015, Pages 243-256

Publisher

Elsevier

ISSN

0267-3649
