EconPapers    
Economics at your fingertips  

EconPapers Home
About EconPapers

Working Papers
Journal Articles
Books and Chapters
Software Components

Authors

JEL codes
New Economics Papers

Advanced Search


EconPapers FAQ
Archive maintainers FAQ
Cookies at EconPapers

Format for printing

The RePEc blog
The RePEc plagiarism page

 

A framework for fostering a dynamic information security culture

Renay Carver
Additional contact information
Renay Carver: Operations and Technology Strategist, USA

Cyber Security: A Peer-Reviewed Journal, 2020, vol. 4, issue 2, 145-159

Abstract: This paper proposes how organisations may attend to key factors influencing organisational culture to facilitate and nurture a well-prepared information security culture. Organisational culture is the formative part of organisational behaviour, establishing the social interaction norms, best practices and processes required to achieve organisational objectives. In defining what organisational culture is, and by recognising what a worthy culture should entail, companies may increase opportunities to detect problems, design solutions and develop healthier environments. Employees have accord in decision making and experience a shared understanding of how to accomplish organisational goals. The organisation’s cultural orientation dictates the acceptable system and leadership behaviours expected to effectively achieve enterprise strategy; ultimately, employee behaviour and interaction become defined by such orientation. Attempts to change organisational culture is problematic, since organisational culture often lives on long after founders depart, leaders exit, and products and services cease. Hence, organisational culture may become static. Understanding the organisation’s culture is valuable in managing responses to security challenges, since awareness of the organisation’s cultural profile helps in recognising the organisation’s readiness in dealing with dynamic security hazards. Information security culture, a sub-culture of organisational culture, represents the employee’s behaviour and attitude toward information security. The Information Security Culture Framework offers a model to assess the organisation’s status (resiliency and readiness) of its information security culture and mitigate security issues heightened by human error. Adopting a dynamic information security culture fosters beneficial change necessary to confront and diminish security threats. By promoting information security consciousness and focused security awareness to address dynamic information security threats, organisations may achieve a robust information security culture.

Keywords: organisational culture; information security culture; information security awareness; training; change management; human behaviour (search for similar items in EconPapers)
JEL-codes: M15 (search for similar items in EconPapers)
Date: 2020
References: Add references at CitEc
Citations:

Downloads: (external link)
https://hstalks.com/article/5929/download/ (application/pdf)
https://hstalks.com/article/5929/ (text/html)
Requires a paid subscription for full access.

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:aza:csj000:y:2020:v:4:i:2:p:145-159

Access Statistics for this article

More articles in Cyber Security: A Peer-Reviewed Journal from Henry Stewart Publications
Bibliographic data for series maintained by Henry Stewart Talks ().

 
Share

RePEc
This site is part of RePEc and all the data displayed here is part of the RePEc data set.

Is your work missing from RePEc? Here is how to contribute.

Questions or problems? Check the EconPapers FAQ or send mail to .

Örebro UniversityEconPapers is hosted by the School of Business at Örebro University.

Page updated 2025-03-19
Handle: RePEc:aza:csj000:y:2020:v:4:i:2:p:145-159