A comprehensive framework for understanding security culture in organizations

Document Type

Conference Proceeding

Publisher

Springer

School

ECU Security Research Institute

RAS ID

31030

Comments

Tolah, A., Furnell, S. M., & Papadaki, M. (2019, June). A Comprehensive Framework for Understanding Security Culture in Organizations. In: L. Drevin, & M. Theocharidou (Eds.), Information Security Education. Education in Proactive Information Security: 12th IFIP WG 11.8 World Conference, WISE 12, Lisbon, Portugal, June 25–27, 2019, Proceedings (pp. 143-156). Switzerland, Cham: Springer.

Abstract

Organizational security is exposed to internal and external threats, with a greater level of vulnerabilities coming from the former. Drawing upon findings from prior works as a foundation, this study aims to highlight the significant factors that influence the security culture within organizations. Phase one of the study reports upon an interview-based investigation undertaken with thirteen experienced, knowledgeable security specialists from seven organizations. The main findings confirmed the importance of the factors identified in the previous work. The focus to emerge from the interviews is that continuously subjecting employees to targeted training and awareness development improves security culture. Indeed, there was a clear lack of awareness and compliance regarding the implementation and clarity of security policies in organizations. Also, inefficient training programs, and their limitation to specific employees in organizations, lead to a lack of awareness and compliance.

DOI

10.1007/978-3-030-23451-5_11

Access Rights

subscription content
