Article ID | Journal | Published Year | Pages | File Type |
---|---|---|---|---|
350354 | Computers in Human Behavior | 2015 | 9 Pages |
•Information security culture framework (ISCF) based on five dimensions is proposed.•ISCF incorporates change management principles that guide the security culture cultivation.•Correctness and comprehensiveness of ISCF structure and tasks are validated by surveying experts.•Aims to mange human behavior when interacting with information assets.•Assist organizations to develop information security culture to protects information assets.
Establishing information security culture in organizations impacts employees’ perceptions and security behavior in a way that can guard against many information security threats posed by insiders. This paper is concerned with the development of a comprehensive information security culture framework for organizations. The structured STOPE (Strategy; Technology; Organization; People; and Environment) scope has been used as a base for the framework so that the various issues of information security can be integrated. The resulted framework incorporates the four main domains of the human factor diamond: preparedness, responsibility, management, and society and regulations. The framework also incorporates change management principles that guide the cultivation of the information security culture. The framework is validated by surveying experts to provide their views and feedback on the correctness and comprehensiveness of the framework structure and its associated tasks. The framework can assist organizations to develop an effective information security culture that protects their information assets.