IRMA-International.org: Creator of Knowledge
Information Resources Management Association
Advancing the Concepts & Practices of Information Resources Management in Modern Organizations

The Role of Security Culture

Author(s): Jo Malcolmson (QinetiQ Ltd, UK)
Copyright: 2015
Pages: 17
Source title: Standards and Standardization: Concepts, Methodologies, Tools, and Applications
Source Author(s)/Editor(s): Information Resources Management Association (USA)
DOI: 10.4018/978-1-4666-8111-8.ch009

Abstract

This chapter provides a discussion of the importance of the wider organisational context that the network administrator needs to deal with by describing how the organisational culture can impact on the degree to which security can be successfully maintained. It starts with an acknowledgement of the general clusters of factors that affect security (technology, processes, organisational, and human), and focuses on the human element within these. The types of risk that arise from humans in the system are described, such as motivation, ability, and awareness (and lack of awareness). Errors and purposeful violations are compared, and individual, organisational, and latent risk factors explained. The chapter's key focus is the role of organisational culture. A general description of culture and its application in organisations leads into a discussion of security culture. A comparison is made between safety and security culture. Similarities are listed as the impacts of regulatory influence, reputational damage, having multiple causes, and the fact both are often driven by adverse events. Differences are examined. For example, the victim of a poor safety culture is often the perpetrator, whereas this is less often true in security violations. Intrinsic motivation and the impact of certain systems designs are further differences. Gaps in security culture research are noted: a lack of an accepted practical definition; a lack of an accepted way of measuring security culture that can be used outside narrow domains; research into engendering and enhancing security culture that is narrowly focused on specific aspects of culture; and a lack of research relating security culture to organisational performance. A project to address some of these gaps by defining and measuring security culture is described. Qualitative and quantitative research was used to develop a questionnaire consisting of seven scales and fourteen sub-scales, each measuring a reliable and distinct factor. The content of these factors is noted, and a case study of the questionnaire's application to facilitate the development of security culture is outlined. Two key benefits result from the use of the questionnaire: diagnosis of aspects of security culture that may need improvement and benchmarking within (and between) organisations.
