Investigating the concept of information security culture

Oost, D; Chew, E

Investigating the concept of information security culture

Oost, D Chew, E

Permalink

Publication Type:: Chapter
Citation:: Strategic and Practical Approaches for Information Security Governance: Technologies and Applied Solutions, 2012, pp. 1 - 12
Issue Date:: 2012-12-01

Closed Access

	Filename	Description	Size
	2012000278OK.pdf	Published version	877.9 kB	Adobe PDF	View/Open

Copyright Clearance Process

Recently Added
In Progress
Closed Access

This item is closed access and not available.

Full metadata record

Field	Value	Language
dc.contributor.author	Oost, D	en_US
dc.contributor.author	Chew, E https://orcid.org/0000-0002-5850-2455	en_US
dc.date.issued	2012-12-01	en_US
dc.identifier.citation	Strategic and Practical Approaches for Information Security Governance: Technologies and Applied Solutions, 2012, pp. 1 - 12	en_US
dc.identifier.isbn	9781466601970	en_US
dc.identifier.uri	http://hdl.handle.net/10453/31576
dc.description.abstract	The concept of an "information security culture" is relatively new. A review of published research on the topic suggests that it is not the information security panacea that has been suggested. Instead, it tends to refer to a range of existing techniques for addressing the human aspect of information security, oversimplifying the link between culture and behaviour, exaggerating the ease with which a culture can be adjusted, and treating culture as a monolith, set from the top. Evidence for some of the claims is also lacking. This chapter finds that the term "information security culture" is ambiguous and vague enough to suggest the possibility of achieving an almost mystical state, whereby behaviour consistent with information security is second nature to all employees, but when probed does not deliver. Instead, future research should be clear about what it considers information security culture to be, should provide evidence for claims, and should take complexity and context seriously. © 2012, IGI Global.	en_US
dc.relation.ispartof	Strategic and Practical Approaches for Information Security Governance: Technologies and Applied Solutions	en_US
dc.relation.isbasedon	10.4018/978-1-4666-0197-0.ch001	en_US
dc.title	Investigating the concept of information security culture	en_US
dc.type	Chapter
utslib.for	0899 Other Information and Computing Sciences	en_US
pubs.embargo.period	Not known	en_US
pubs.organisational-group	/University of Technology Sydney
pubs.organisational-group	/University of Technology Sydney/Faculty of Business
pubs.organisational-group	/University of Technology Sydney/Faculty of Design, Architecture and Building
pubs.organisational-group	/University of Technology Sydney/Faculty of Design, Architecture and Building/School of Built Environment
pubs.organisational-group	/University of Technology Sydney/Strength - HCTD - Human Centred Technology Design
utslib.copyright.status	closed_access
pubs.publication-status	Published	en_US

Abstract:

The concept of an "information security culture" is relatively new. A review of published research on the topic suggests that it is not the information security panacea that has been suggested. Instead, it tends to refer to a range of existing techniques for addressing the human aspect of information security, oversimplifying the link between culture and behaviour, exaggerating the ease with which a culture can be adjusted, and treating culture as a monolith, set from the top. Evidence for some of the claims is also lacking. This chapter finds that the term "information security culture" is ambiguous and vague enough to suggest the possibility of achieving an almost mystical state, whereby behaviour consistent with information security is second nature to all employees, but when probed does not deliver. Instead, future research should be clear about what it considers information security culture to be, should provide evidence for claims, and should take complexity and context seriously. © 2012, IGI Global.

Please use this identifier to cite or link to this item:

http://hdl.handle.net/10453/31576