This paper aims to illustrate the application of the Information Security Culture Framework (ISCF) to asses and cultivate an information security aware culture within an organization through an empirical study. The ISCF is a comprehensive framework that consists of five dimensions (Strategy, Technology, Organization, People, and Environment) and integrates change management and the human factor in information security. The empirical study includes three case studies, selected to demonstrate the effectiveness of ISCF in describing and explaining the organizational information security culture. A sequential mixed method, to collect quantitative survey data and qualitative interview data, is used to demonstrate the validity and reliability of the framework.
| Construct | Cites | Category | Questions given? | Content validity | Pretests | Response type | Notes |
|---|---|---|---|---|---|---|---|
| Strategy | NEW | Information Security Culture Framework | no | based on a validated framework | validated through seven interviews | binary/3/5-point likert scales | |
| Technology | NEW | Information Security Culture Framework | no | based on a validated framework | validated through seven interviews | binary/3/5-point likert scales | |
| Organization | NEW | Information Security Culture Framework | no | based on a validated framework | validated through seven interviews | binary/3/5-point likert scales | |
| People | NEW | Information Security Culture Framework | no | based on a validated framework | validated through seven interviews | binary/3/5-point likert scales | |
| Environment | NEW | Information Security Culture Framework | no | based on a validated framework | validated through seven interviews | binary/3/5-point likert scales | |
| Change management | NEW | no | based on a validated framework | validated through seven interviews | binary/3/5-point likert scales |
Areej AlHogail. Cultivating and Assessing Organizational Information Security Culture, an Empirical Study. vol, 9:163–178, 2015.
@article{alhogail_cultivating_2015,
author = {AlHogail, Areej},
journal = {vol},
pages = {163--178},
title = {Cultivating and {{Assessing Organizational Information Security Culture}}, an {{Empirical Study}}},
volume = {9},
year = {2015}
}