Assessing information security culture: A critical analysis of current approaches

Author

Okere, I. ; Van Niekerk, Johan ; Carroll, Mariana

Author_Institution

Sch. of ICT, Nelson Mandela Metropolitan Univ. (NMMU), Port Elizabeth, South Africa

fYear

2012

fDate

15-17 Aug. 2012

Firstpage

1

Lastpage

8

Abstract

Today´s businesses operate in an interconnected and global environment allowing them to collaborate with one another and share information resources. At the same time this interconnectivity exposes the organization to many internal (employees) and external threats. Internal threat is among the top information security issues facing organizations as the human factor is regarded the weakest link in the security chain. To address this “human factor” researchers have suggested the fostering of an information security culture to address the human behavior so that information security becomes a second nature to employees. An important step in the fostering of an information security culture is the assessment of the current state of the culture. This paper focuses on the analysis and comparison of current information security culture assessment approaches, to evaluate their suitability specific for use in the culture change process.

Keywords

business data processing; security of data; critical analysis; current approaches; external threats; global environment; human behavior; human factor; information resources; information security culture; internal threat; security chain; Educational institutions; Information security; Information services; Organizations; Standards organizations; Information security culture; assessment; culture change;

fLanguage

English

Publisher

ieee

Conference_Titel

Information Security for South Africa (ISSA), 2012

Conference_Location

Johannesburg, Gauteng

Print_ISBN

978-1-4673-2160-0

Type

conf

DOI

10.1109/ISSA.2012.6320442

Filename

6320442