An identification of variables influencing the establishment of information security culture

Document Type

Conference Proceeding




Security Research Institute


Originally published as: Sherif, E., Furnell, S., Clarke, N. (2015). An identification of variables influencing the establishment of information security culture. In Proceedings of the Third international Conference on Human Aspects of Information Security, Privacy, and Trust (pp. 436-448). L.A., USA. Available here.


A significant volume of security breaches occur as a result of the human aspects and it is consequently important for these to be given attention alongside technical aspects. Many breaches occur due to human error. Researchers have argued that security culture stimulates appropriate employees’ security behavior towards adherence and therefore developing a culture of security can contribute in minimizing or avoiding security breaches. Although, research on the concept of security culture has received little attention this paper aims to address the security culture concept, and it’s relation to the national culture. Specifically, it is largely hypothesized that cultivating security culture can have a positive effect on employees’ security compliance. The purpose of this paper is to identify variables that influence cultivating a security culture. In order to do so, a comprehensive literature review has been conducted. The outcome of the literature analysis has identified potential variables that influence security culture (e.g. top management support, information security behavior, and awareness), and the paper subsequently outlines a framework for modeling security culture that indicates the relationship between these variables.



Access Rights

Not open access