Investigating the Concept of Information Security Culture

IGI Global
Strategic and Practical Approaches for Information Security Governance, 2012, 1, pp. 1 - 12
This book provides organizations with insights into practical and applied solutions, frameworks, technologies and practices on technological and organizational factors in information security. The concept of an "information security culture" is relatively new. A review of published research on the topic suggests that it is not the information security panacea that has been suggested. Instead, it tends to refer to a range of existing techniques for addressing the human aspect of information security, oversimplifying the link between culture and behaviour, exaggerating the ease with which a culture can be adjusted, and treating culture as a monolith, set from the top. Evidence for some of the claims is also lacking. This chapter finds that the term "information security culture" is ambiguous and vague enough to suggest the possibility of achieving an almost mystical state, whereby behaviour consistent with information security is second nature to all employees, but when probed does not deliver. Instead, future research should be clear about what it considers information security culture to be, should provide evidence for claims, and should take complexity and context seriously.