An ethnographic study to assess the enactment of information security culture in a retail store

Andrews Greig, Karen Renaud, Stephen Flowerday

Research output: Chapter in Book/Report/Conference proceedingConference contribution

2 Citations (Scopus)

Abstract

The behaviour of the employee has the potential to either strengthen or weaken security, and it is therefore vital to foster a culture of security within organizations. The hope is that such a culture will ensure that behaviour becomes more secure over time, essentially reducing security incidents. Organizations attempt to nurture such a culture, mostly by means of educating their employees and having a comprehensive set of regularly-updated security policies. They are required to carry out regular security audits. These are usually in the form of checkbox-type assessments, ascertaining that the organization has all the correct mechanisms in place to maximize security of information.

We carried out an ethnographic investigation into the security culture of a single retail store that is part of a large nationwide organization in the United Kingdom. The study surprisingly revealed poor security culture, despite the organization as a whole seemingly following good practice with respect to education and policy.

Original languageEnglish
Title of host publication2015 World Congress on Internet Security (WorldCIS)
PublisherIEEE
Pages61-66
Number of pages6
ISBN (Electronic)9781908320506
DOIs
Publication statusPublished - 16 Dec 2015
Externally publishedYes
Event2015 World Congress on Internet Security - Dublin, Ireland
Duration: 19 Oct 201521 Oct 2015

Conference

Conference2015 World Congress on Internet Security
Abbreviated titleWorldCIS 2015
CountryIreland
CityDublin
Period19/10/1521/10/15

Fingerprint

Enactment
Retail stores
Information security
Employees
Incidents
Education
Good practice
Security policy
Audit

Cite this

Greig, A., Renaud, K., & Flowerday, S. (2015). An ethnographic study to assess the enactment of information security culture in a retail store. In 2015 World Congress on Internet Security (WorldCIS) (pp. 61-66). [7359415] IEEE . https://doi.org/10.1109/WorldCIS.2015.7359415
Greig, Andrews ; Renaud, Karen ; Flowerday, Stephen. / An ethnographic study to assess the enactment of information security culture in a retail store. 2015 World Congress on Internet Security (WorldCIS). IEEE , 2015. pp. 61-66
@inproceedings{619982b6c39649d998bfbb5d103ad4f1,
title = "An ethnographic study to assess the enactment of information security culture in a retail store",
abstract = "The behaviour of the employee has the potential to either strengthen or weaken security, and it is therefore vital to foster a culture of security within organizations. The hope is that such a culture will ensure that behaviour becomes more secure over time, essentially reducing security incidents. Organizations attempt to nurture such a culture, mostly by means of educating their employees and having a comprehensive set of regularly-updated security policies. They are required to carry out regular security audits. These are usually in the form of checkbox-type assessments, ascertaining that the organization has all the correct mechanisms in place to maximize security of information.We carried out an ethnographic investigation into the security culture of a single retail store that is part of a large nationwide organization in the United Kingdom. The study surprisingly revealed poor security culture, despite the organization as a whole seemingly following good practice with respect to education and policy.",
author = "Andrews Greig and Karen Renaud and Stephen Flowerday",
year = "2015",
month = "12",
day = "16",
doi = "10.1109/WorldCIS.2015.7359415",
language = "English",
pages = "61--66",
booktitle = "2015 World Congress on Internet Security (WorldCIS)",
publisher = "IEEE",

}

Greig, A, Renaud, K & Flowerday, S 2015, An ethnographic study to assess the enactment of information security culture in a retail store. in 2015 World Congress on Internet Security (WorldCIS)., 7359415, IEEE , pp. 61-66, 2015 World Congress on Internet Security, Dublin, Ireland, 19/10/15. https://doi.org/10.1109/WorldCIS.2015.7359415

An ethnographic study to assess the enactment of information security culture in a retail store. / Greig, Andrews; Renaud, Karen; Flowerday, Stephen.

2015 World Congress on Internet Security (WorldCIS). IEEE , 2015. p. 61-66 7359415.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

TY - GEN

T1 - An ethnographic study to assess the enactment of information security culture in a retail store

AU - Greig, Andrews

AU - Renaud, Karen

AU - Flowerday, Stephen

PY - 2015/12/16

Y1 - 2015/12/16

N2 - The behaviour of the employee has the potential to either strengthen or weaken security, and it is therefore vital to foster a culture of security within organizations. The hope is that such a culture will ensure that behaviour becomes more secure over time, essentially reducing security incidents. Organizations attempt to nurture such a culture, mostly by means of educating their employees and having a comprehensive set of regularly-updated security policies. They are required to carry out regular security audits. These are usually in the form of checkbox-type assessments, ascertaining that the organization has all the correct mechanisms in place to maximize security of information.We carried out an ethnographic investigation into the security culture of a single retail store that is part of a large nationwide organization in the United Kingdom. The study surprisingly revealed poor security culture, despite the organization as a whole seemingly following good practice with respect to education and policy.

AB - The behaviour of the employee has the potential to either strengthen or weaken security, and it is therefore vital to foster a culture of security within organizations. The hope is that such a culture will ensure that behaviour becomes more secure over time, essentially reducing security incidents. Organizations attempt to nurture such a culture, mostly by means of educating their employees and having a comprehensive set of regularly-updated security policies. They are required to carry out regular security audits. These are usually in the form of checkbox-type assessments, ascertaining that the organization has all the correct mechanisms in place to maximize security of information.We carried out an ethnographic investigation into the security culture of a single retail store that is part of a large nationwide organization in the United Kingdom. The study surprisingly revealed poor security culture, despite the organization as a whole seemingly following good practice with respect to education and policy.

U2 - 10.1109/WorldCIS.2015.7359415

DO - 10.1109/WorldCIS.2015.7359415

M3 - Conference contribution

AN - SCOPUS:84967110227

SP - 61

EP - 66

BT - 2015 World Congress on Internet Security (WorldCIS)

PB - IEEE

ER -

Greig A, Renaud K, Flowerday S. An ethnographic study to assess the enactment of information security culture in a retail store. In 2015 World Congress on Internet Security (WorldCIS). IEEE . 2015. p. 61-66. 7359415 https://doi.org/10.1109/WorldCIS.2015.7359415