An ethnographic study to assess the enactment of information security culture in a retail store

Andrews Greig, Karen Renaud, Stephen Flowerday

Research output: Chapter in Book/Report/Conference proceedingConference contribution

8 Citations (Scopus)


The behaviour of the employee has the potential to either strengthen or weaken security, and it is therefore vital to foster a culture of security within organizations. The hope is that such a culture will ensure that behaviour becomes more secure over time, essentially reducing security incidents. Organizations attempt to nurture such a culture, mostly by means of educating their employees and having a comprehensive set of regularly-updated security policies. They are required to carry out regular security audits. These are usually in the form of checkbox-type assessments, ascertaining that the organization has all the correct mechanisms in place to maximize security of information.

We carried out an ethnographic investigation into the security culture of a single retail store that is part of a large nationwide organization in the United Kingdom. The study surprisingly revealed poor security culture, despite the organization as a whole seemingly following good practice with respect to education and policy.

Original languageEnglish
Title of host publication2015 World Congress on Internet Security (WorldCIS)
Number of pages6
ISBN (Electronic)9781908320506
ISBN (Print)9781467394833
Publication statusPublished - 16 Dec 2015
Externally publishedYes
Event2015 World Congress on Internet Security - Dublin, Ireland
Duration: 19 Oct 201521 Oct 2015


Conference2015 World Congress on Internet Security
Abbreviated titleWorldCIS 2015


  • Security behaviour
  • Information security culture
  • Ethnographic study
  • Retail


Dive into the research topics of 'An ethnographic study to assess the enactment of information security culture in a retail store'. Together they form a unique fingerprint.

Cite this