Title :
A proposal of an organizational information security culture framework
Author :
AlHogail, Areej ; Mirza, Abdulrahman
Author_Institution :
Dept. of Inf. Syst., Coll. of Comput. & Inf. Sci. King Saud Univ. Riyadh, Riyadh, Saudi Arabia
Abstract :
The efficiency of various technical information security controls is based on the `people´ who interact with the information every day. Information security culture aims at protecting information assets by guiding how things are done in organization in regard to information security through influencing employees´ security behavior. This paper review key frameworks that were proposed in the literature in the period between the years 2003 and 2013, to establish and maintain information security culture inside organizations. The review draws the attention to the need for more investigation in the field to provide comprehensive frameworks for information security culture within organization. This paper attempts to propose one. The framework incorporates key change management principles and has five main dimensions that represent strategy, technology, organization, people and environment issues that affect the effective information security culture.
Keywords :
management of change; organisational aspects; security of data; employees security behavior; information asset protection; key change management principles; organizational information security culture framework; technical information security controls; Government; Human factors; Information security; Standards organizations; Training; change management; human factor; information secuirty culture; insider threat;
Conference_Titel :
Information, Communication Technology and System (ICTS), 2014 International Conference on
Conference_Location :
Surabaya
Print_ISBN :
978-1-4799-6857-2
DOI :
10.1109/ICTS.2014.7010591
