Critical analysis of information security culture definitions

Zainab Ruhwanya*, Jacques Ophoff

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contribution

107 Downloads (Pure)

Abstract

This article aims to advance the understanding of information security culture through a critical reflection on the wide-ranging definitions of information security culture in the literature. It uses the hermeneutic approach for conducting literature reviews. The review identifies 16 definitions of information security culture in the literature. Based on the analysis of these definitions, four different views of culture are distinguished. The shared values view highlights the set of cultural value patterns that are shared across the organization. An action-based view highlights the behaviors of individuals in the organization. A mental model view relates to the abstract view of the individual’s thinking on how information security culture must work. Finally, a problem-solving view emphasizes a combination of understanding from shared value-based and action-based views. The paper analyzes and presents the limitations of these four views of information security culture definitions.
Original languageEnglish
Title of host publicationHuman Aspects of Information Security and Assurance
Subtitle of host publication14th IFIP WG 11.12 International Symposium, HAISA 2020, Mytilene, Lesbos, Greece, July 8–10, 2020, Proceedings
EditorsNathan Clarke, Steven Furnell
Place of PublicationCham
PublisherSpringer
Pages353-365
Number of pages13
ISBN (Electronic)9783030574048
ISBN (Print)9783030574031
DOIs
Publication statusPublished - 21 Aug 2020
Event14th International Symposium on Human Aspects of Information Security & Assurance - Online/Virtual
Duration: 8 Jul 202010 Jul 2020
Conference number: 14th
https://www.haisa.org/?page=home

Publication series

NameIFIP Advances in Information and Communication Technology (IFIPAICT)
PublisherSpringer
Volume593
ISSN (Print)1868-4238
ISSN (Electronic)1868-422X

Conference

Conference14th International Symposium on Human Aspects of Information Security & Assurance
Abbreviated titleHAISA 2020
Period8/07/2010/07/20
Internet address

Fingerprint Dive into the research topics of 'Critical analysis of information security culture definitions'. Together they form a unique fingerprint.

  • Cite this

    Ruhwanya, Z., & Ophoff, J. (2020). Critical analysis of information security culture definitions. In N. Clarke, & S. Furnell (Eds.), Human Aspects of Information Security and Assurance: 14th IFIP WG 11.12 International Symposium, HAISA 2020, Mytilene, Lesbos, Greece, July 8–10, 2020, Proceedings (pp. 353-365). (IFIP Advances in Information and Communication Technology (IFIPAICT); Vol. 593). Springer. https://doi.org/10.1007/978-3-030-57404-8_27