An ethnographic study to assess the enactment of information security culture in a retail store

Andrews Greig, Karen Renaud, Stephen Flowerday

Research output: Chapter in Book/Report/Conference proceedingConference contribution

3 Citations (Scopus)

Abstract

The behaviour of the employee has the potential to either strengthen or weaken security, and it is therefore vital to foster a culture of security within organizations. The hope is that such a culture will ensure that behaviour becomes more secure over time, essentially reducing security incidents. Organizations attempt to nurture such a culture, mostly by means of educating their employees and having a comprehensive set of regularly-updated security policies. They are required to carry out regular security audits. These are usually in the form of checkbox-type assessments, ascertaining that the organization has all the correct mechanisms in place to maximize security of information.

We carried out an ethnographic investigation into the security culture of a single retail store that is part of a large nationwide organization in the United Kingdom. The study surprisingly revealed poor security culture, despite the organization as a whole seemingly following good practice with respect to education and policy.

Original languageEnglish
Title of host publication2015 World Congress on Internet Security (WorldCIS)
PublisherIEEE
Pages61-66
Number of pages6
ISBN (Electronic)9781908320506
ISBN (Print)9781467394833
DOIs
Publication statusPublished - 16 Dec 2015
Externally publishedYes
Event2015 World Congress on Internet Security - Dublin, Ireland
Duration: 19 Oct 201521 Oct 2015

Conference

Conference2015 World Congress on Internet Security
Abbreviated titleWorldCIS 2015
CountryIreland
CityDublin
Period19/10/1521/10/15

Fingerprint Dive into the research topics of 'An ethnographic study to assess the enactment of information security culture in a retail store'. Together they form a unique fingerprint.

  • Cite this

    Greig, A., Renaud, K., & Flowerday, S. (2015). An ethnographic study to assess the enactment of information security culture in a retail store. In 2015 World Congress on Internet Security (WorldCIS) (pp. 61-66). [7359415] IEEE . https://doi.org/10.1109/WorldCIS.2015.7359415