Information Security Culture: The Socio-Cultural Dimension in Information Security Management
SEC '02 Proceedings of the IFIP TC11 17th International Conference on Information Security: Visions and Perspectives
DEXA '03 Proceedings of the 14th International Workshop on Database and Expert Systems Applications
A review of information security issues and respective research contributions
ACM SIGMIS Database
Identifying Governance Dimensions to Evaluate Information Systems Security in Organizations
HICSS '07 Proceedings of the 40th Annual Hawaii International Conference on System Sciences
Computers in Human Behavior
Hi-index | 0.00 |
Understanding the complex dynamic and uncertain characteristics of organisational employees who perform authorised or unauthorised information security activities is deemed to be a very important and challenging task. This paper presents a conceptual framework for classifying and organising the characteristics of organisational subjects involved in these information security practices. Our framework expands the traditional Human Behaviour and the Social Environment perspectives used in social work by identifying how knowledge, skills and individual preferences work to influence individual and group practices with respect to information security management. The classification of concepts and characteristics in the framework arises from a review of recent literature and is underpinned by theoretical models that explain these concepts and characteristics. Further, based upon an exploratory study of three case organisations in Saudi Arabia involving extensive interviews with senior managers, department managers, IT managers, information security officers, and IT staff; this article describes observed information security practices and identifies several factors which appear to be particularly important in influencing information security behaviour. These factors include values associated with national and organisational culture and how they manifest in practice, and activities related to information security management.