Critical Analysis of Information Security Culture Definitions - Human Aspects of Information Security and Assurance
Conference Papers, Year: 2020

Critical Analysis of Information Security Culture Definitions

Authors: Zainab Ruhwanya, Jacques Ophoff

Abstract

This article aims to advance the understanding of information security culture through a critical reflection on the wide-ranging definitions of information security culture in the literature. It uses the hermeneutic approach for conducting literature reviews. The review identifies 16 definitions of information security culture in the literature. Based on the analysis of these definitions, four different views of culture are distinguished. The shared values view highlights the set of cultural value patterns that are shared across the organization. An action-based view highlights the behaviors of individuals in the organization. A mental model view relates to the abstract view of the individual’s thinking on how information security culture must work. Finally, a problem-solving view emphasizes a combination of understanding from shared value-based and action-based views. The paper analyzes and presents the limitations of these four views of information security culture definitions.
Main file: 497442_1_En_27_Chapter.pdf (233.79 KB)
Origin: Files produced by the author(s)

Dates and versions

hal-03657709, version 1 (03-05-2022)

Cite

Zainab Ruhwanya, Jacques Ophoff. Critical Analysis of Information Security Culture Definitions. 14th International Symposium on Human Aspects of Information Security and Assurance (HAISA), Jul 2020, Mytilene, Lesbos, Greece. pp.353-365, ⟨10.1007/978-3-030-57404-8_27⟩. ⟨hal-03657709⟩