Information security culture: a behaviour compliance conceptual framework

Salahuddin Alfawaz; Karen J Nelson; Kavoos Mohannak

Back

Information security culture: a behaviour compliance conceptual framework

Conference paper

Open access

Peer reviewed

Information security culture: a behaviour compliance conceptual framework

Salahuddin Alfawaz, Karen J Nelson and Kavoos Mohannak

Proceedings of the 8th Australasian Information Security Conference, pp.47-55

Australasian Information Security Conference (AISC), 8th (Brisbane, Australia, 19-Jan-2010–20-Jan-2010)

Australian Computer Society Inc.

2010

Files and links (2)

pdf

PDF - Author's Accepted Version208.32 kBDownload View

Accepted VersionPDF - Author Accepted Version Open Access

url

http://dl.acm.org/citation.cfm?id=1862275View

Webpage

Abstract

Data Format

information security management

conceptual framework

information security culture

information security behaviour and compliance

Understanding the complex dynamic and uncertain characteristics of organisational employees who perform authorised or unauthorised information security activities is deemed to be a very important and challenging task. This paper presents a conceptual framework for classifying and organising the characteristics of organisational subjects involved in these information security practices. Our framework expands the traditional Human Behaviour and the Social Environment perspectives used in social work by identifying how knowledge, skills and individual preferences work to influence individual and group practices with respect to information security management. The classification of concepts and characteristics in the framework arises from a review of recent literature and is underpinned by theoretical models that explain these concepts and characteristics. Further, based upon an exploratory study of three case organisations in Saudi Arabia involving extensive interviews with senior managers, department managers, IT managers, information security officers, and IT staff; this article describes observed information security practices and identifies several factors which appear to be particularly important in influencing information security behaviour. These factors include values associated with national and organisational culture and how they manifest in practice, and activities related to information security management.

Details

Title: Information security culture: a behaviour compliance conceptual framework
Authors: Salahuddin Alfawaz (Author) - Queensland University of Technology
Karen J Nelson (Author) - Queensland University of Technology
Kavoos Mohannak (Author) - Queensland University of Technology
Contributors: C Boyd (Editor)
W Susilo (Editor)
Publication details: Proceedings of the 8th Australasian Information Security Conference, pp.47-55
Conference details: Australasian Information Security Conference (AISC), 8th (Brisbane, Australia, 19-Jan-2010–20-Jan-2010)
Publisher: Australian Computer Society Inc.
Date published: 2010
ISBN: 9781920682866
Organisation Unit: University of the Sunshine Coast, Queensland; Office of the Pro Vice-Chancellor (Students)
Language: English
Record Identifier: 99448904302621
Output Type: Conference paper

Metrics

210 File views/ downloads

706 Record Views