An ethnographic study to assess the enactment of information security culture in a retail store

Andrews Greig; Karen Renaud; Stephen Flowerday

doi:10.1109/WorldCIS.2015.7359415

An ethnographic study to assess the enactment of information security culture in a retail store

Andrews Greig, Karen Renaud, Stephen Flowerday

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

2 Citations (Scopus)

Abstract

The behaviour of the employee has the potential to either strengthen or weaken security, and it is therefore vital to foster a culture of security within organizations. The hope is that such a culture will ensure that behaviour becomes more secure over time, essentially reducing security incidents. Organizations attempt to nurture such a culture, mostly by means of educating their employees and having a comprehensive set of regularly-updated security policies. They are required to carry out regular security audits. These are usually in the form of checkbox-type assessments, ascertaining that the organization has all the correct mechanisms in place to maximize security of information.

We carried out an ethnographic investigation into the security culture of a single retail store that is part of a large nationwide organization in the United Kingdom. The study surprisingly revealed poor security culture, despite the organization as a whole seemingly following good practice with respect to education and policy.

Original language	English
Title of host publication	2015 World Congress on Internet Security (WorldCIS)
Publisher	IEEE
Pages	61-66
Number of pages	6
ISBN (Electronic)	9781908320506
DOIs	https://doi.org/10.1109/WorldCIS.2015.7359415
Publication status	Published - 16 Dec 2015
Externally published	Yes
Event	2015 World Congress on Internet Security - Dublin, Ireland Duration: 19 Oct 2015 → 21 Oct 2015

Conference

Conference	2015 World Congress on Internet Security
Abbreviated title	WorldCIS 2015
Country	Ireland
City	Dublin
Period	19/10/15 → 21/10/15

Fingerprint

Enactment

Retail stores

Information security

Employees

Incidents

Education

Good practice

Security policy

Audit

Cite this

Greig, A., Renaud, K., & Flowerday, S. (2015). An ethnographic study to assess the enactment of information security culture in a retail store. In 2015 World Congress on Internet Security (WorldCIS) (pp. 61-66). [7359415] IEEE . https://doi.org/10.1109/WorldCIS.2015.7359415

Greig, Andrews ; Renaud, Karen ; Flowerday, Stephen. / An ethnographic study to assess the enactment of information security culture in a retail store. 2015 World Congress on Internet Security (WorldCIS). IEEE , 2015. pp. 61-66

@inproceedings{619982b6c39649d998bfbb5d103ad4f1,

title = "An ethnographic study to assess the enactment of information security culture in a retail store",

abstract = "The behaviour of the employee has the potential to either strengthen or weaken security, and it is therefore vital to foster a culture of security within organizations. The hope is that such a culture will ensure that behaviour becomes more secure over time, essentially reducing security incidents. Organizations attempt to nurture such a culture, mostly by means of educating their employees and having a comprehensive set of regularly-updated security policies. They are required to carry out regular security audits. These are usually in the form of checkbox-type assessments, ascertaining that the organization has all the correct mechanisms in place to maximize security of information.We carried out an ethnographic investigation into the security culture of a single retail store that is part of a large nationwide organization in the United Kingdom. The study surprisingly revealed poor security culture, despite the organization as a whole seemingly following good practice with respect to education and policy.",

author = "Andrews Greig and Karen Renaud and Stephen Flowerday",

year = "2015",

month = "12",

day = "16",

doi = "10.1109/WorldCIS.2015.7359415",

language = "English",

pages = "61--66",

booktitle = "2015 World Congress on Internet Security (WorldCIS)",

publisher = "IEEE",

}

Greig, A, Renaud, K & Flowerday, S 2015, An ethnographic study to assess the enactment of information security culture in a retail store. in 2015 World Congress on Internet Security (WorldCIS)., 7359415, IEEE , pp. 61-66, 2015 World Congress on Internet Security, Dublin, Ireland, 19/10/15. https://doi.org/10.1109/WorldCIS.2015.7359415

An ethnographic study to assess the enactment of information security culture in a retail store. / Greig, Andrews; Renaud, Karen; Flowerday, Stephen.

2015 World Congress on Internet Security (WorldCIS). IEEE , 2015. p. 61-66 7359415.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - An ethnographic study to assess the enactment of information security culture in a retail store

AU - Greig, Andrews

AU - Renaud, Karen

AU - Flowerday, Stephen

PY - 2015/12/16

Y1 - 2015/12/16

N2 - The behaviour of the employee has the potential to either strengthen or weaken security, and it is therefore vital to foster a culture of security within organizations. The hope is that such a culture will ensure that behaviour becomes more secure over time, essentially reducing security incidents. Organizations attempt to nurture such a culture, mostly by means of educating their employees and having a comprehensive set of regularly-updated security policies. They are required to carry out regular security audits. These are usually in the form of checkbox-type assessments, ascertaining that the organization has all the correct mechanisms in place to maximize security of information.We carried out an ethnographic investigation into the security culture of a single retail store that is part of a large nationwide organization in the United Kingdom. The study surprisingly revealed poor security culture, despite the organization as a whole seemingly following good practice with respect to education and policy.

AB - The behaviour of the employee has the potential to either strengthen or weaken security, and it is therefore vital to foster a culture of security within organizations. The hope is that such a culture will ensure that behaviour becomes more secure over time, essentially reducing security incidents. Organizations attempt to nurture such a culture, mostly by means of educating their employees and having a comprehensive set of regularly-updated security policies. They are required to carry out regular security audits. These are usually in the form of checkbox-type assessments, ascertaining that the organization has all the correct mechanisms in place to maximize security of information.We carried out an ethnographic investigation into the security culture of a single retail store that is part of a large nationwide organization in the United Kingdom. The study surprisingly revealed poor security culture, despite the organization as a whole seemingly following good practice with respect to education and policy.

U2 - 10.1109/WorldCIS.2015.7359415

DO - 10.1109/WorldCIS.2015.7359415

M3 - Conference contribution

AN - SCOPUS:84967110227

SP - 61

EP - 66

BT - 2015 World Congress on Internet Security (WorldCIS)

PB - IEEE

ER -

Greig A, Renaud K, Flowerday S. An ethnographic study to assess the enactment of information security culture in a retail store. In 2015 World Congress on Internet Security (WorldCIS). IEEE . 2015. p. 61-66. 7359415 https://doi.org/10.1109/WorldCIS.2015.7359415

Access to Document

10.1109/WorldCIS.2015.7359415