GENERAL ENQUIRIES: Tel: + 27 12 841 2911 | Email:

Show simple item record Da Veiga, A Astakhova, LV Botha, Adéle Herselman, Martha E 2020-07-30T08:55:22Z 2020-07-30T08:55:22Z 2020-05
dc.identifier.citation Da Veiga, A. et al. 2020. Defining organisational information security culture—Perspectives from academia and industry. Computers & Security, vol. 92, pp. 92 en_US
dc.identifier.issn 0167-4048
dc.identifier.issn 1872-6208
dc.description Copyright: 2020 Elsevier. Due to copyright restrictions, the attached PDF file only contains the abstract of the full text item. For access to the full text item, please consult the publisher's website. The definitive version of the work is published in Computers & Security, Vol. 92, pp 23 en_US
dc.description.abstract The ideal or strong information security culture can aid in minimising the threat of humans to information protection and thereby aid in reducing data breaches or incidents in organisations. This research sets out to understand how information security culture is defined from an academic and industry perspective using a mixed-method approach. The definition, factors necessary to instil the ideal information security culture and the potential impact of the ideal information security culture were investigated from both perspectives. A survey approach was implemented to obtain the views from industry and 512 respondents from organisations, many of which operate at an international level, participated in the survey. The research presents a description of information security culture, integrating the existing literature and expanding on it with the views of industry, thereby giving clarity to the concept. The ideal information security culture was identified with the top traits relating to aspects such as an aware and knowledgeable workforce implementing conscientious, caring behaviour to comply with policies as guided by management. The factors that could positively influence an information security culture were identified, consolidated and expanded to five external factors and twenty internal factors. Organisations that have a strong information security culture were identified as achieving mutual trust and integrity through the protection of their information. The description of an information security culture can be used as a baseline to define and understand the concept, identify a single, comprehensive set of factors to be implemented, comprehend the traits of such a culture, as well as what an organisation can achieve by having a strong information security culture. The analysis showed that scientific interpretations of the definitions and factors of information security culture are much wider than their understanding of the industry. Both the results from the scoping review of papers and the feedback from the industry experts are synthesised visually to provide an organisational information security culture model (OISCM). The definition, factors, and model that influence the organisational culture of information security, have prognostic value for industry. For scientists, this is an important topic of research on methods and forms of increasing the level of this knowledge. en_US
dc.language.iso en en_US
dc.publisher Elsevier en_US
dc.relation.ispartofseries Workflow;23351
dc.subject Information security culture en_US
dc.subject Key traits en_US
dc.title Defining organisational information security culture—Perspectives from academia and industry en_US
dc.type Article en_US

Files in this item

This item appears in the following Collection(s)

Show simple item record

Search ResearchSpace

Advanced Search


My Account