Security Constructs

Da Veiga, 2015: Information Security Culture and Information Protection Culture: A Validated Assessment Instrument

Topic:

Information security culture assessment (ISCA) instrument can be used, but that it can be further improved by incorporating additional privacy concepts. An information protection culture assessment (IPCA) is conducted as part of a case study in an organisation. This allowed for a factor and reliability analysis to validate the IPCA. The analysis indicated that the IPCA is valid and reliable when grouping the items into the newly identified factors, but can further be enhanced by aligning it to information privacy attributes

two surveys, 2159 and 2320 employees from one organisation

Constructs in this publication:

Construct Cites Category Questions given? Content validity Pretests Response type Notes
Information asset management Da Veiga, 2007, Da Veiga, 2010, Da Veiga et al., 2007 Information Security Culture Assessment (ISCA) no no none 5-point Likert scale (Strongly disagree, Disagree, Unsure, Agree, Strongly agree)
Information security management Da Veiga, 2007, Da Veiga, 2010, Da Veiga et al., 2007 Information Security Culture Assessment (ISCA) no no none 5-point Likert scale (Strongly disagree, Disagree, Unsure, Agree, Strongly agree)
Change management Da Veiga, 2007, Da Veiga, 2010, Da Veiga et al., 2007 Information Security Culture Assessment (ISCA) no no none 5-point Likert scale (Strongly disagree, Disagree, Unsure, Agree, Strongly agree)
User management Da Veiga, 2007, Da Veiga, 2010, Da Veiga et al., 2007 Information Security Culture Assessment (ISCA) no no none 5-point Likert scale (Strongly disagree, Disagree, Unsure, Agree, Strongly agree)
Information security policy Da Veiga, 2007, Da Veiga, 2010, Da Veiga et al., 2007 Information Security Culture Assessment (ISCA) no no none 5-point Likert scale (Strongly disagree, Disagree, Unsure, Agree, Strongly agree)
Information security programme Da Veiga, 2007, Da Veiga, 2010, Da Veiga et al., 2007 Information Security Culture Assessment (ISCA) no no none 5-point Likert scale (Strongly disagree, Disagree, Unsure, Agree, Strongly agree)
Trust Da Veiga, 2007, Da Veiga, 2010, Da Veiga et al., 2007 Information Security Culture Assessment (ISCA) no no none 5-point Likert scale (Strongly disagree, Disagree, Unsure, Agree, Strongly agree)
Information security leadership Da Veiga, 2007, Da Veiga, 2010, Da Veiga et al., 2007 Information Security Culture Assessment (ISCA) no no none 5-point Likert scale (Strongly disagree, Disagree, Unsure, Agree, Strongly agree)
Training and awareness Da Veiga, 2007, Da Veiga, 2010, Da Veiga et al., 2007 Information Security Culture Assessment (ISCA) no no none 5-point Likert scale (Strongly disagree, Disagree, Unsure, Agree, Strongly agree)
Privacy perception new? Information Security Culture Assessment (ISCA) no no none 5-point Likert scale (Strongly disagree, Disagree, Unsure, Agree, Strongly agree)

This publication is cited by the following publications:

Citation:

Adéle Da Veiga and Nico Martins. Information security culture and information protection culture: A validated assessment instrument. Computer Law & Security Review, 31(2):243–256, 2015.

Bibtex


@article{daveiga_information_2015,
 author = {Da Veiga, Ad\'ele and Martins, Nico},
 journal = {Computer Law \& Security Review},
 number = {2},
 pages = {243--256},
 shorttitle = {Information Security Culture and Information Protection Culture},
 title = {Information Security Culture and Information Protection Culture: {{A}} Validated Assessment Instrument},
 volume = {31},
 year = {2015}
}