Da Veiga et al., 2007: Information Security Culture - Validation of an Assessment Instrument : Research Article

Topic:

The aim of this paper is to validate an information security culture assessment instrument. This is achieved by performing a factor and reliability analysis on the data from an information security culture assessment in a financial organisation. The results of the analysis are used to identify areas for improving the information security culture assessment instrument.

survey, 4735 employees

Constructs in this publication:

Construct	Cites	Category	Questions given?	Content validity	Pretests	Response type	Notes
Management of information security	Martins, 2002	Information Security Culture Assessment	no	none	pilot of 20 employees	no
Performance management	Martins, 2002	Information Security Culture Assessment	no	none	pilot of 20 employees	no
Performance accountability	Martins, 2002	Information Security Culture Assessment	no	none	pilot of 20 employees	no
Communication	Martins, 2002	Information Security Culture Assessment	no	none	pilot of 20 employees	no
Governance	Martins, 2002	Information Security Culture Assessment	no	none	pilot of 20 employees	no
Capability development	Martins, 2002	Information Security Culture Assessment	no	none	pilot of 20 employees	no

This publication is cited by the following publications:

• Da Veiga, 2015: Information asset management
• Da Veiga, 2015: Information security management
• Da Veiga, 2015: Change management
• Da Veiga, 2015: User management
• Da Veiga, 2015: Information security policy
• Da Veiga, 2015: Information security programme
• Da Veiga, 2015: Trust
• Da Veiga, 2015: Information security leadership
• Da Veiga, 2015: Training and awareness
• Alnatheer et al., 2012: Information Security Policy Enforcements
• Da Veiga, 2010: Leadership and Governance
• Da Veiga, 2010: Security Management and Operations
• Da Veiga, 2010: Security Policies
• Da Veiga, 2010: Security Programme Management
• Da Veiga, 2010: User Security Management
• Da Veiga, 2010: Technology Protection and Operations
• Da Veiga, 2010: Change

Citation:

A. Da Veiga, N. Martins, and J. H. P. Eloff. Information security culture - validation of an assessment instrument : research article. Southern African Business Review, 11(1):147–166, April 2007.

Bibtex

@article{daveiga_information_2007,
 abstract = {Organisations need to ensure that the interaction among people, as well as between people and information technology (IT) systems, contributes to the protection of information assets. Organisations therefore need to assess their employees\' behaviour and attitudes towards the protection of information assets in order to establish whether employee behaviour is an asset or a threat to the protection of information. One approach that organisations could use is to assess whether an acceptable level of information security culture has been inculcated in the organisation and, if not, take corrective action. The aim of this paper is to validate an information security culture assessment instrument. This is achieved by performing a factor and reliability analysis on the data from an information security culture assessment in a financial organisation. The results of the analysis are used to identify areas for improving the information security culture assessment instrument. The study makes a contribution to the existing body of knowledge concerned with the assessment of information security culture and its value for management to ensure the protection of information assets.},
 author = {Da Veiga, A. and Martins, N. and Eloff, J. H. P.},
 issn = {1998-8125},
 journal = {Southern African Business Review},
 language = {en},
 month = {April},
 number = {1},
 pages = {147-166},
 shorttitle = {Information Security Culture - Validation of an Assessment Instrument},
 title = {Information Security Culture - Validation of an Assessment Instrument : Research Article},
 volume = {11},
 year = {2007}
}

---