Article ID Journal Published Year Pages File Type
350354 Computers in Human Behavior 2015 9 Pages PDF
Abstract

•Information security culture framework (ISCF) based on five dimensions is proposed.•ISCF incorporates change management principles that guide the security culture cultivation.•Correctness and comprehensiveness of ISCF structure and tasks are validated by surveying experts.•Aims to mange human behavior when interacting with information assets.•Assist organizations to develop information security culture to protects information assets.

Establishing information security culture in organizations impacts employees’ perceptions and security behavior in a way that can guard against many information security threats posed by insiders. This paper is concerned with the development of a comprehensive information security culture framework for organizations. The structured STOPE (Strategy; Technology; Organization; People; and Environment) scope has been used as a base for the framework so that the various issues of information security can be integrated. The resulted framework incorporates the four main domains of the human factor diamond: preparedness, responsibility, management, and society and regulations. The framework also incorporates change management principles that guide the cultivation of the information security culture. The framework is validated by surveying experts to provide their views and feedback on the correctness and comprehensiveness of the framework structure and its associated tasks. The framework can assist organizations to develop an effective information security culture that protects their information assets.

Related Topics
Physical Sciences and Engineering Computer Science Computer Science Applications
Authors
,