This paper presents a conceptual framework for classifying and organising the characteristics of organisational subjects involved in these informa tion security practices. This article describes observed information security practices and identi es several factors which appear to be particularly important in influencing information security behaviour. These factors include values associated with national and organisational culture and how they manifest in practice, and activities related to information security management.
Salahuddin Alfawaz, Karen Nelson, and Kavoos Mohannak. Information Security Culture: A Behaviour Compliance Conceptual Framework. In Proceedings of the Eighth Australasian Conference on Information Security - Volume 105, AISC '10, 47–55. Darlinghurst, Australia, Australia, 2010. Australian Computer Society, Inc.
@inproceedings{alfawaz_information_2010,
abstract = {Understanding the complex dynamic and uncertain characteristics of organisational employees who perform authorised or unauthorised information security activities is deemed to be a very important and challenging task. This paper presents a conceptual framework for classifying and organising the characteristics of organisational subjects involved in these information security practices. Our framework expands the traditional Human Behaviour and the Social Environment perspectives used in social work by identifying how knowledge, skills and individual preferences work to influence individual and group practices with respect to information security management. The classification of concepts and characteristics in the framework arises from a review of recent literature and is underpinned by theoretical models that explain these concepts and characteristics. Further, based upon an exploratory study of three case organisations in Saudi Arabia involving extensive interviews with senior managers, department managers, IT managers, information security officers, and IT staff; this article describes observed information security practices and identifies several factors which appear to be particularly important in influencing information security behaviour. These factors include values associated with national and organisational culture and how they manifest in practice, and activities related to information security management.},
address = {Darlinghurst, Australia, Australia},
author = {Alfawaz, Salahuddin and Nelson, Karen and Mohannak, Kavoos},
booktitle = {Proceedings of the {{Eighth Australasian Conference}} on {{Information Security}} - {{Volume}} 105},
isbn = {978-1-920682-86-6},
pages = {47--55},
publisher = {{Australian Computer Society, Inc.}},
series = {AISC '10},
shorttitle = {Information {{Security Culture}}},
title = {Information {{Security Culture}}: {{A Behaviour Compliance Conceptual Framework}}},
year = {2010}
}