Towards an organizational culture framework for information security practices

Document Type

Book Chapter


IGI Global


Faculty of Computing, Health and Science


ECU Security Research Institute




This chapter was originally published as: Soon Lim, J., Chang, S., Ahmad, A. , & Maynard, S. (2012). Towards an organizational culture framework for information security practices. In M Gupta, J Walp, R Sharman, (Eds.). Strategic and Practical Approaches for Information Security Governance: Technologies and Applied Solutions (pp. 296-315). IGI Global.


In organizations, employee behaviour has a considerable impact on information security. The organizational culture (OC) that shapes acceptable employee behaviours is therefore significant. A large body of literature exists that calls for the cultivation of security culture to positively influence information security related behaviour of employees. However, there is little research examining OC that enables the implementation of information security. The authors address the unsubstantiated claim that there is an important relationship between OC and the ability to successfully implement information security. Findings suggest that security practices can be successfully implemented within eight organizational culture characteristics. Investigation of these organizational culture characteristics from a security perspective is an important step toward future empirical research aimed at understanding the relationship between OC and the implementation of systematic improvement of security practices. The research and practical implications of these findings are discussed, and future research areas are explored.