Abstract
The concept of security culture is relatively new. It is often investigated in a simplistic manner focusing on end-users and on the technical aspects of security. Security, however, is a management problem and as a result the investigation of security culture should also have a management focus. This paper discusses security culture based on an organisational culture framework of eight dimensions. We believe that use of this framework in security culture research will reduce the inherent biases of researchers who tend to focus on only technical aspects of culture from an end users perspective.
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
Download to read the full chapter text
Chapter PDF
References
Von Solms, B.: Information Security-The Third Wave? Computers and Security, Vol. 19. No. 7. (2000) 615–620.
Schlienger, T. and Teufel S.: Information Security Culture-The Socio-Cultural Dimension in Information Security Management. IFIP TC11 International Conference on Information Security, Cairo Egypt (2002).
Schlienger, T. and Teufel, S.: Analyzing Information Security Culture: Increased Trust by an Appropriate Information Security Culture. 14th International Workshop on Database and Expert Systems Applications (DEXA’03), Prague Czech Republic (2003).
Chia, P. Maynard, S., Ruighaver, A.B.: Understanding Organisational Security Culture. In Information Systems: The Challenges of Theory and Practice, Hunter, M. G. and Dhanda, K. K. (eds), Information Institute, Las Vegas, USA. (2003) 335–365.
Detert, J., R. Schroeder & J. Mauriel.: A Framework For Linking Culture and Improvement Initiatives in Organisations. The Academy of Management Review, Vol. 25. No. 4. (2000) 850–863.
Conolly, P.: Security Starts from Within. InfoWorld, Vol. 22. No. 28. (2000) 39–40
Wood, C: Integrated Approach Includes Information Security. Security, Vol. 37. No. 2. (2000) 43–44.
Lau, O.: The Ten Commandments of Security. Computers and Security, Vol. 17. No. 2. (1998) 119–123.
Koh, K. Ruighaver, A.B. Maynard, S. Ahmad, A.: Security Governance: Its impact on Security Culture. 3rd Australian Information Security Management Conference, Perth Australia (2005).
Tan, T.C.C. Ruighaver, A.B.: Developing a framework for understanding Security Governance. 2nd Australian Information Security Management Conference, Perth Australia (2004).
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 International Federation for Information Processing
About this paper
Cite this paper
Ruighaver, A.B., Maynard, S.B. (2006). Organizational Security Culture: More Than Just an End-User Phenomenon. In: Fischer-Hübner, S., Rannenberg, K., Yngström, L., Lindskog, S. (eds) Security and Privacy in Dynamic Environments. SEC 2006. IFIP International Federation for Information Processing, vol 201. Springer, Boston, MA. https://doi.org/10.1007/0-387-33406-8_36
Download citation
DOI: https://doi.org/10.1007/0-387-33406-8_36
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-33405-9
Online ISBN: 978-0-387-33406-6
eBook Packages: Computer ScienceComputer Science (R0)