Abstract
The behaviour of the employee has the potential to either strengthen or weaken security, and it is therefore vital to foster a culture of security within organizations. The hope is that such a culture will ensure that behaviour becomes more secure over time, essentially reducing security incidents. Organizations attempt to nurture such a culture, mostly by means of educating their employees and having a comprehensive set of regularly-updated security policies. They are required to carry out regular security audits. These are usually in the form of checkbox-type assessments, ascertaining that the organization has all the correct mechanisms in place to maximize security of information.
We carried out an ethnographic investigation into the security culture of a single retail store that is part of a large nationwide organization in the United Kingdom. The study surprisingly revealed poor security culture, despite the organization as a whole seemingly following good practice with respect to education and policy.
| Original language | English |
|---|---|
| Title of host publication | 2015 World Congress on Internet Security (WorldCIS) |
| Publisher | IEEE |
| Pages | 61-66 |
| Number of pages | 6 |
| ISBN (Electronic) | 9781908320506 |
| ISBN (Print) | 9781467394833 |
| DOIs | |
| Publication status | Published - 16 Dec 2015 |
| Externally published | Yes |
| Event | 2015 World Congress on Internet Security - Dublin, Ireland Duration: 19 Oct 2015 → 21 Oct 2015 |
Conference
| Conference | 2015 World Congress on Internet Security |
|---|---|
| Abbreviated title | WorldCIS 2015 |
| Country/Territory | Ireland |
| City | Dublin |
| Period | 19/10/15 → 21/10/15 |
Keywords
- Security behaviour
- Information security culture
- Ethnographic study
- Retail