The purpose of the current paper was to develop a measurement of information security culture. Eight interviews with information security experts in eight different Saudi organisations were conducted, revealing that security culture can be constituted as reflection of security awareness and security ownership. Additionally, the qualitative interviews have revealed that factors that influence security culture are top management involvement, policy enforcement, and training.
| Construct | Cites | Category | Questions given? | Content validity | Pretests | Response type | Notes |
|---|---|---|---|---|---|---|---|
| Top Management | Knapp et al., 2006 | yes | based on interviews and expert sorting exercise and index card sorting test | pilot | 5 point likert scale ranging from "Strongly disagree" to "strongly agree" | ||
| Involvement In Information Security | NEW, Knapp et al., 2006 | yes | based on interviews and expert sorting exercise and index card sorting test | pilot | 5 point likert scale ranging from "Strongly disagree" to "strongly agree" | ||
| Information Security Policy Enforcements | NEW, Da Veiga et al., 2007, Rainer et al., 2007 | yes | based on interviews and expert sorting exercise and index card sorting test | pilot | 5 point likert scale ranging from "Strongly disagree" to "strongly agree" | ||
| Information Security Training | NEW, D'Arcy, 2009, Rainer et al., 2007 | yes | based on interviews and expert sorting exercise and index card sorting test | pilot | 5 point likert scale ranging from "Strongly disagree" to "strongly agree" | ||
| Information Security Awareness | NEW | yes | based on interviews and expert sorting exercise and index card sorting test | pilot | 5 point likert scale ranging from "Strongly disagree" to "strongly agree" | ||
| Information Security Ownerships | NEW | yes | based on interviews and expert sorting exercise and index card sorting test | pilot | 5 point likert scale ranging from "Strongly disagree" to "strongly agree" |
Mohammed Alnatheer, Taizan Chan, and Karen Nelson. Understanding And Measuring Information Security Culture. In PACIS, 144. 2012.
@inproceedings{alnatheer_understanding_2012,
author = {Alnatheer, Mohammed and Chan, Taizan and Nelson, Karen},
booktitle = {{{PACIS}}},
pages = {144},
title = {Understanding {{And Measuring Information Security Culture}}.},
year = {2012}
}