The behaviour of the employee has the potential to either strengthen or weaken security, and it is therefore vital to foster a culture of security within organizations. The hope is that such a culture will ensure that behaviour becomes more secure over time, essentially reducing security incidents. Organizations attempt to nurture such a culture, mostly by means of educating their employees and having a comprehensive set of regularly-updated security policies. They are required to carry out regular security audits. These are usually in the form of checkbox-type assessments, ascertaining that the organization has all the correct mechanisms in place to maximize security of information.
We carried out an ethnographic investigation into the security culture of a single retail store that is part of a large nationwide organization in the United Kingdom. The study surprisingly revealed poor security culture, despite the organization as a whole seemingly following good practice with respect to education and policy.
|Title of host publication||2015 World Congress on Internet Security (WorldCIS)|
|Number of pages||6|
|Publication status||Published - 16 Dec 2015|
|Event||2015 World Congress on Internet Security - Dublin, Ireland|
Duration: 19 Oct 2015 → 21 Oct 2015
|Conference||2015 World Congress on Internet Security|
|Abbreviated title||WorldCIS 2015|
|Period||19/10/15 → 21/10/15|
- Security behaviour
- Information security culture
- Ethnographic study