Awareness, behaviour and culture: The ABC in cultivating security compliance

A significant volume of security breaches occur as a result of human aspects and it is consequently important for these to be given attention alongside technical aspects. Researchers have argued that security culture stimulates appropriate employees´ behavior towards adherence. Therefore, work within organizations should be guided by a culture of security, with the purpose of protecting the organization´s assets and affecting individual´s behaviors towards better security behavior. Although security aware individuals can play an important role in protecting organizational assets, the way in which individuals behave with security controls that are implemented is crucial in protecting such assets. Should the behavior of individuals not be security compliant, it could have an impact on an organization´s productivity and confidentiality of data. In this paper, key literature relating to security culture in the period of 1999-2014 is reviewed. The objective is to examine the role of security awareness, behavior, and how they can play an important role in changing the existing culture to a security culture. Some relevant security culture tools have been introduced. An overall framework to understand how security awareness and behavior can play an important role in changing an existing culture to a security culture has been developed.