Show simple item record

dc.contributor.authorNel, Frans
dc.contributor.authorDrevin, Lynette
dc.identifier.citationNel, F. & Drevin, L. 2019. Key elements of an information security culture in organisations. Information and computer security, 27(2):146-164. []en_US
dc.description.abstractPurpose The purpose of this paper is to report on a study that investigated the information security culture in organisations in South Africa, with the aim of identifying key aspects of the culture. The unique aspects for building an information security culture were examined and presented in the form of an initial framework. These efforts are necessary to address the critical human aspect of information security in organisations where risky cyber behaviour is still experienced. Design/methodology/approach Literature was investigated with the focus on the main keywords security culture and information security. The information security culture aspects of different studies were compared and analysed to identify key elements of information security culture after which an initial framework was constructed. An online survey was then conducted in which respondents were asked to assess the importance of the elements and to record possible missing elements/aspects regarding their organisation’s information security culture to construct an enhanced framework. Findings A list of 21 unique security culture elements was identified from the literature. These elements/aspects were divided into three groups based on the frequency each was mentioned or discussed in studies. The number of times an element was found was interpreted as an indication of how important that element/aspect is. A further four aspects were added to the enhanced framework based on the results that emerged from the survey. Originality/value The value of this research is that an initial framework of information security culture aspects was constructed that can be used to ensure that an organisation incorporates all key aspects in its own information security culture. This framework was further enhanced from the results of the survey. The framework can also assist further studies related to the information security culture in organisations for improved security awareness and safer cyber behaviour of employeesen_US
dc.subjectInformation security cultureen_US
dc.subjectInformation security awareness and trainingen_US
dc.subjectKey elementsen_US
dc.subjectSecurity cultureen_US
dc.titleKey elements of an information security culture in organisationsen_US
dc.contributor.researchID10067132 - Drevin, Lynette
dc.contributor.researchID21769028 - Nel, Frans

Files in this item


There are no files associated with this item.

This item appears in the following Collection(s)

Show simple item record