A comprehensive framework for understanding security culture in organizations
Document Type
Conference Proceeding
Publisher
Springer
School
ECU Security Research Institute
RAS ID
31030
Abstract
Organizational security is exposed to internal and external threats, with a greater level of vulnerabilities coming from the former. Drawing upon findings from prior works as a foundation, this study aims to highlight the significant factors that influence the security culture within organizations. Phase one of the study reports upon an interview-based investigation undertaken with thirteen experienced, knowledgeable security specialists from seven organizations. The main findings confirmed the importance of the identified factors from the previous work. The focus to emerge from the interviews concludes that continuously subjecting employees to targeted training and awareness development improves security culture. Indeed, there was a clear lack of awareness and compliance regarding the implementation and clarity of security policies in organizations. Also, the inefficient training program and limit to specific employees in organizations leads to a lack of awareness and compliance.
DOI
10.1007/978-3-030-23451-5_11
Access Rights
subscription content
Comments
Tolah, A., Furnell, S. M., & Papadaki, M. (2019, June). A Comprehensive Framework for Understanding Security Culture in Organizations. In: L. Drevin, & M. Theocharidou (Eds.), Information Security Education. Education in Proactive Information Security: 12th IFIP WG 11.8 World Conference, WISE 12, Lisbon, Portugal, June 25–27, 2019, Proceedings (pp. 143-156). Switzerland, Cham: Springer. Available here