[PDF] Cultivating And Assessing Information Security Culture - eBooks Review






Cultivating And Assessing Information Security Culture


Author : Adele Da Veiga
language : en
Publisher:
Release Date : 2013

Cultivating And Assessing Information Security Culture was written by Adele Da Veiga and released in 2013. The book is available in PDF, TXT, EPUB, Kindle and other formats.


The manner in which employees perceive and interact (behave) with controls implemented to protect information assets is one of the main threats to the protection of such assets and the effective use of information security controls. Should the interaction not be conducive to the protection of the information assets, it could have a profound impact on the profit of an organisation, productive working hours could be lost, confidential information might be disclosed to unauthorised people and compliance with legal and regulatory regulations could be affected - all this, despite the fact that adequate technical and procedural controls might be in place. Current research highlights the importance of a strong information security culture to address the threat that employee behaviour poses to the protection of information assets. Various research perspectives propose how an acceptable level of information security culture should be cultivated, and how to assess this culture to determine whether it is on an acceptable level. These approaches are however not adequate to cultivate information security culture, as all the relevant information security components and the influences on the information security culture have to be considered. This leads to the question as to whether the assessment instruments proposed to assess the information security culture are indeed adequate and valid. The main contribution of this research relates to the development of an information security culture framework and process consisting of an assessment instrument to assess information security culture. In order to develop the information security culture framework, the researcher developed a Comprehensive Information Security Framework (CISF) that equips organisations with a holistic approach to the implementation of information security. The framework provides a single point of reference for the governance of information security. 
The Information Security Culture Framework (ISCF) is developed using the CISF as foundation. The ISCF can be used by organisations to cultivate an information security culture conducive to the protection of information assets. It considers all the components required for information security culture, namely information security, organisational culture and organisational behaviour. It integrates the aforementioned concepts and illustrates the influence between the components. The ISCF further serves as a basis for designing an information security culture assessment instrument. This instrument is incorporated as part of an Information Security Culture Assessment process (ISCULA) defined by the researcher. ISCULA provides management with the steps to conduct an information security culture assessment, as well as the steps to validate the assessment instrument. The application of ISCULA is tested in an empirical study conducted in an organisation. It illustrates how to validate an information security culture assessment instrument by ensuring that it is designed based on the ISCF and meets the statistical requirements for a valid and reliable assessment instrument. Both the ISCF and the ISCULA process can ultimately be deployed by organisations to minimise the threat that employee behaviour poses to the protection of information assets.



Security Culture


Author : Mrs Hilary Walton
language : en
Publisher: Ashgate Publishing, Ltd.
Release Date : 2015-12-28

Security Culture was written by Mrs Hilary Walton and published by Ashgate Publishing, Ltd. It was released on 2015-12-28 in the Business & Economics category and is available in PDF, TXT, EPUB, Kindle and other formats.


Security Culture starts from the premise that, even with good technical tools and security processes, an organisation is still vulnerable without a strong culture and a resilient set of behaviours in relation to people risk. Hilary Walton combines her research and her unique work portfolio to provide proven security culture strategies with practical advice on their implementation. And she does so across the board: from management buy-in, employee development and motivation, right through to effective metrics for security culture activities. Hilary draws together all the best ideas on how you can embed security in the culture of your organisation, including a blend of psychology, risk and security, to offer a security culture interventions toolkit from which you can pick and choose as you design your security culture programme - whether in private or public settings.



The Security Culture Playbook


Author : Perry Carpenter
language : en
Publisher: John Wiley & Sons
Release Date : 2022-03-08

The Security Culture Playbook was written by Perry Carpenter and published by John Wiley & Sons. It was released on 2022-03-08 in the Computers category and is available in PDF, TXT, EPUB, Kindle and other formats.


Mitigate human risk and bake security into your organization’s culture from top to bottom with insights from leading experts in security awareness, behavior, and culture. The topic of security culture is mysterious and confusing to most leaders. But it doesn’t have to be. In The Security Culture Playbook, Perry Carpenter and Kai Roer, two veteran cybersecurity strategists, deliver experience-driven, actionable insights into how to transform your organization’s security culture and reduce human risk at every level. This book exposes the gaps between how organizations have traditionally approached human risk and it provides security and business executives with the necessary information and tools needed to understand, measure, and improve facets of security culture across the organization. The book offers: an exposé of what security culture really is and how it can be measured; a careful exploration of the 7 dimensions that comprise security culture; practical tools for managing your security culture program, such as the Security Culture Framework and the Security Culture Maturity Model; and insights into building support within the executive team and Board of Directors for your culture management program. Also including several revealing interviews from security culture thought leaders in a variety of industries, The Security Culture Playbook is an essential resource for cybersecurity professionals, risk and compliance managers, executives, board members, and other business leaders seeking to proactively manage and reduce risk.



Assessing Information Security


Author : Andrew A. Vladimirov
language : en
Publisher: IT Governance Ltd
Release Date : 2010

Assessing Information Security was written by Andrew A. Vladimirov and published by IT Governance Ltd. It was released in 2010 in the Computer networks category and is available in PDF, TXT, EPUB, Kindle and other formats.


This book deals with the philosophy, strategy and tactics of soliciting, managing and conducting information security audits of all flavours. It will give readers the founding principles around information security assessments and why they are important, whilst providing a fluid framework for developing an astute 'information security mind' capable of rapid adaptation to evolving technologies, markets, regulations, and laws.



Cultivating And Assessing Information Security Culture


Author : Adela Da Veiga
language : en
Publisher:
Release Date : 2008

Cultivating And Assessing Information Security Culture was written by Adela Da Veiga and released in 2008 in the Computer security category. The book is available in PDF, TXT, EPUB, Kindle and other formats.








People Centric Security Transforming Your Enterprise Security Culture


Author : Lance Hayden
language : en
Publisher: McGraw Hill Professional
Release Date : 2015-09-25

People Centric Security Transforming Your Enterprise Security Culture was written by Lance Hayden and published by McGraw Hill Professional. It was released on 2015-09-25 in the Computers category and is available in PDF, TXT, EPUB, Kindle and other formats.


A culture hacking how-to complete with strategies, techniques, and resources for securing the most volatile element of information security—humans. People-Centric Security: Transforming Your Enterprise Security Culture addresses the urgent need for change at the intersection of people and security. Essentially a complete security culture toolkit, this comprehensive resource provides you with a blueprint for assessing, designing, building, and maintaining human firewalls. Globally recognized information security expert Lance Hayden lays out a course of action for drastically improving organizations’ security cultures through the precise use of mapping, survey, and analysis. You’ll discover applied techniques for embedding strong security practices into the daily routines of IT users and learn how to implement a practical, executable, and measurable program for human security. Features downloadable mapping and surveying templates. Case studies throughout showcase the methods explained in the book. Valuable appendices detail security tools and cultural threat and risk modeling. Written by an experienced author and former CIA human intelligence officer.



Assessment Of Information Security Culture In Higher Education


Author : Henry W. Glaspie (IV)
language : en
Publisher:
Release Date : 2018

Assessment Of Information Security Culture In Higher Education was written by Henry W. Glaspie (IV) and released in 2018. The book is available in PDF, TXT, EPUB, Kindle and other formats.


Information security programs are instituted by organizations to provide guidance to their users who handle their data and systems. The main goal of these programs is to protect the organization's information assets through the creation and cultivation of a positive information security culture within the organization. As the collection and use of data expands in all economic sectors, the threat of data breach due to human error increases. Employees' behavior towards information security is influenced by the organization's information security programs and the overall information security culture. This study examines the human factors of an information security program and their effect on the information security culture. These human factors consist of stringency of organizational policies, behavior deterrence, employee attitudes towards information security, training and awareness, and management support of the information security programs. A survey questionnaire was given to employees in the Florida College System to measure the human aspects of the information security programs. Confirmatory factor analysis (CFA) and Structural Equation Modeling (SEM) were used to investigate the relationships between the variables in the study using IBM® SPSS® Amos 24 software. The study results show that management support and behavior deterrence have a significant positive relationship with information security. Additionally, the results show no significant association between information security culture and organization policies, employee commitment and employee awareness. This suggests a need for further refinement of the model and the survey tool design to properly assess human factors of information security programs and their effects on the organizational security culture.



Understanding Information Security Culture In An Organization


Author : Donald Bess
language : en
Publisher:
Release Date : 2012

Understanding Information Security Culture In An Organization was written by Donald Bess and released in 2012. The book is available in PDF, TXT, EPUB, Kindle and other formats.


Information systems are considered to be a critical and strategic part of most organizations today. Because of this it has become increasingly important to ensure that there is an effective information security program in place protecting those information systems. It has been well established by researchers that the success of an information security program is heavily dependent upon the actions of the organizational members that interact with the information security program. Because of the interaction between people and the information security program an appropriate information security culture is required to effectively influence and control the actions of the members within that organization. While the importance of an information security culture has been well established by researchers there has been little research conducted to date that assists in understanding and managing information security culture within organizations. To expand the body of knowledge in this area this study will explore the information security culture of a large organization using interpretive case study methodology. The use of semi-structured interviews to collect data has allowed the researcher to report back their interpretation of shared meanings, consciousness, language and artifacts observed while at the research site. Structuration theory was applied as a theoretical lens with which to better understand information security culture and explore ways in which organizations can better understand and manage information security culture. We found structures of signification and legitimacy were the most influential on employees' behavior towards information security, while the structure of domination exerted minimal influence over employees' behavior. This research study contributes to the existing body of knowledge regarding information security culture by examining the role of structural properties exhibited within information security culture.
Structural properties of information security culture have not been adequately considered within the existing literature. By expanding our understanding of the role of social structures such as systems of meaning, power and legitimacy on information security culture researchers will have a deeper understanding of this phenomenon called information security culture. This will enable us to better understand how to develop and manage an appropriate information security culture.



An Ethnographic Investigation Of The Assimilation Of New Organizational Members Into An Information Security Culture


Author : Barry McIntosh
language : en
Publisher:
Release Date : 2011

An Ethnographic Investigation Of The Assimilation Of New Organizational Members Into An Information Security Culture was written by Barry McIntosh and released in 2011. The book is available in PDF, TXT, EPUB, Kindle and other formats.


Research on information security culture evolved because technical security controls and policies have failed to eliminate information security incidents. Although existing research has addressed the measurement and cultivation of an information security culture, it has not addressed how to maintain that culture. This study focused on that gap by exploring the values and assumptions that inhibit assimilation of new members into an information security culture. Contract employees represent a distinct set of new organizational members with additional challenges assimilating into an organization's information security culture. This study addressed two research questions about how and why pre-existing information security related values and assumptions of new contract employees conflicted with the prevalent information security culture that created information security risks. This study applied an ethnographic approach to the examination of the assimilation of new contract employees based on Schein's framework of organizational culture. The findings revealed that IT contractors displayed a sense of responsibility for information security. However, the IT contractors demonstrated a detachment from the organization's information security culture through a lack of interest in the mission, goals and strategies. As a result of this detachment, information security concerns were linked to a lack of understanding of the information the organization sought to protect, the risk tolerance and the response to unforeseen security incidents. The contractors' detachment was traced to assumptions that resulted from their temporal relationship with the organization and their perception of being organizational outsiders. In addition to identifying the risk and mechanisms behind contractors' failure to assimilate, this study extended research into professional sub-groups within an information security culture. 
The study offered a contribution to research in its approach to Schein's framework by focusing on the inter-relationships between assumptions. The findings identified where organizations should be cognizant of specific contractor information security assumptions and how they create risk. The findings suggest that organizations should encourage the engagement of contractors in social interactions with direct staff and avoid actions leading to the perception of inequitable treatment. However, future research will be required to confirm the extent that these actions might have in overcoming the contractor's deeply rooted assumptions.