Abstract
The behaviour of the employee has the potential to either strengthen or weaken security, and it is therefore vital to foster a culture of security within organizations. The hope is that such a culture will ensure that behaviour becomes more secure over time, essentially reducing security incidents. Organizations attempt to nurture such a culture, mostly by means of educating their employees and having a comprehensive set of regularly-updated security policies. They are required to carry out regular security audits. These are usually in the form of checkbox-type assessments, ascertaining that the organization has all the correct mechanisms in place to maximize security of information.
We carried out an ethnographic investigation into the security culture of a single retail store that is part of a large nationwide organization in the United Kingdom. The study surprisingly revealed poor security culture, despite the organization as a whole seemingly following good practice with respect to education and policy.
Original language | English |
---|---|
Title of host publication | 2015 World Congress on Internet Security (WorldCIS) |
Publisher | IEEE |
Pages | 61-66 |
Number of pages | 6 |
ISBN (Electronic) | 9781908320506 |
ISBN (Print) | 9781467394833 |
DOIs | |
Publication status | Published - 16 Dec 2015 |
Externally published | Yes |
Event | 2015 World Congress on Internet Security - Dublin, Ireland Duration: 19 Oct 2015 → 21 Oct 2015 |
Conference
Conference | 2015 World Congress on Internet Security |
---|---|
Abbreviated title | WorldCIS 2015 |
Country/Territory | Ireland |
City | Dublin |
Period | 19/10/15 → 21/10/15 |
Keywords
- Security behaviour
- Information security culture
- Ethnographic study
- Retail