Critical analysis of information security culture definitions

Zainab Ruhwanya*, Jacques Ophoff

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contribution

2 Citations (Scopus)
435 Downloads (Pure)


This article aims to advance the understanding of information security culture through a critical reflection on the wide-ranging definitions of information security culture in the literature. It uses the hermeneutic approach for conducting literature reviews. The review identifies 16 definitions of information security culture in the literature. Based on the analysis of these definitions, four different views of culture are distinguished. The shared values view highlights the set of cultural value patterns that are shared across the organization. An action-based view highlights the behaviors of individuals in the organization. A mental model view relates to the abstract view of the individual’s thinking on how information security culture must work. Finally, a problem-solving view emphasizes a combination of understanding from shared value-based and action-based views. The paper analyzes and presents the limitations of these four views of information security culture definitions.
Original languageEnglish
Title of host publicationHuman Aspects of Information Security and Assurance
Subtitle of host publication14th IFIP WG 11.12 International Symposium, HAISA 2020, Mytilene, Lesbos, Greece, July 8–10, 2020, Proceedings
EditorsNathan Clarke, Steven Furnell
Place of PublicationCham
Number of pages13
ISBN (Electronic)9783030574048
ISBN (Print)9783030574031
Publication statusPublished - 21 Aug 2020
Event14th International Symposium on Human Aspects of Information Security & Assurance - Online/Virtual, Mytilene, Greece
Duration: 8 Jul 202010 Jul 2020
Conference number: 14th

Publication series

NameIFIP Advances in Information and Communication Technology (IFIPAICT)
ISSN (Print)1868-4238
ISSN (Electronic)1868-422X


Conference14th International Symposium on Human Aspects of Information Security & Assurance
Abbreviated titleHAISA 2020
Internet address


  • Information security culture
  • Culture
  • Shared-value view
  • Action-based view
  • Mental model view
  • Problem-solving view


Dive into the research topics of 'Critical analysis of information security culture definitions'. Together they form a unique fingerprint.

Cite this