A proposal of an organizational information security culture framework

Author

AlHogail, Areej ; Mirza, Abdulrahman

Author_Institution

Dept. of Inf. Syst., Coll. of Comput. & Inf. Sci. King Saud Univ. Riyadh, Riyadh, Saudi Arabia

fYear

2014

fDate

24-24 Sept. 2014

Firstpage

243

Lastpage

250

Abstract

The efficiency of various technical information security controls is based on the `people´ who interact with the information every day. Information security culture aims at protecting information assets by guiding how things are done in organization in regard to information security through influencing employees´ security behavior. This paper review key frameworks that were proposed in the literature in the period between the years 2003 and 2013, to establish and maintain information security culture inside organizations. The review draws the attention to the need for more investigation in the field to provide comprehensive frameworks for information security culture within organization. This paper attempts to propose one. The framework incorporates key change management principles and has five main dimensions that represent strategy, technology, organization, people and environment issues that affect the effective information security culture.

Keywords

management of change; organisational aspects; security of data; employees security behavior; information asset protection; key change management principles; organizational information security culture framework; technical information security controls; Government; Human factors; Information security; Standards organizations; Training; change management; human factor; information secuirty culture; insider threat;

fLanguage

English

Publisher

ieee

Conference_Titel

Information, Communication Technology and System (ICTS), 2014 International Conference on

Conference_Location

Surabaya

Print_ISBN

978-1-4799-6857-2

Type

conf

DOI

10.1109/ICTS.2014.7010591

Filename

7010591