Title :
Information security culture: A definition and a literature review
Author :
AlHogail, Areej ; Mirza, Abdulrahman
Author_Institution :
Dept. of Inf. Syst., Imam Mohammed Bin Saud Univ. Riyadh, Riyadh, Saudi Arabia
Abstract :
Information security culture guides how things are done in organization in regard to information security, with the aim of protecting the information assets and influencing employees´ security behavior. In this paper, we review key literature on information security culture that was published in the period during 2003-2013. The objective was to identify the frameworks that were proposed to establish and maintain information security culture inside organizations. Moreover, other issues were investigated, such as the appropriate definition, and methodology used in this field of research. The review identified 62 papers that were published in that period (2003-2013) were focused on information security culture in organizations as a main topic of that paper. The review draws the attention to the importance of the information security culture and the need for more investigation in the field to provide a comprehensive framework of the establishment of information security culture within organization.
Keywords :
business data processing; organisational aspects; security of data; employees security behavior; information assets protection; information security culture; organization; Bibliographies; Educational institutions; Information security; Interviews; Organizations; Training; information secuirty culture; literature review;
Conference_Titel :
Computer Applications and Information Systems (WCCAIS), 2014 World Congress on
Conference_Location :
Hammamet
Print_ISBN :
978-1-4799-3350-1
DOI :
10.1109/WCCAIS.2014.6916579
