Assessing an Organization Security Culture Based on ENISA Approach

Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 1351)

Abstract

Establishing a security strategy has recently become one of the most promising steps for any successful organization. The strategy is a distinct document that details the set of steps an organization needs for determining and handling dangers. Developing a security strategy is an exhaustive process that involves initial assessment, planning, operation, and permanent observation.

Assessing the readiness of institutions in terms of security culture is emphasized so that it corresponds with the efforts of governments, organizations, and the private sector towards business administration and the electronic transformation into a digital society and e-government.

This paper proposes an “Application form” derived from the European Network and Information Security Agency (ENISA) safety criteria. The form involves twenty-five high-level security objectives, collected in seven domains, for reviewing and assessing the readiness of any organization and for recognizing deficits in the organization's information security requirements.

The suggested “Application form” has been tested over various objectives. The acquired findings demonstrate that the suggested system achieved great performance and significant competence in determining the weaknesses of the network and the organizational structure of the institution.

Keywords

  • Organization security policy
  • Security culture
  • ENISA criteria
  • Organization assessing


Author information

Correspondence to Wasnaa Kadhim Jawad.

Copyright information

© 2021 The Author(s), under exclusive license to Springer Nature Switzerland AG

Cite this paper

Jawad, W.K. (2021). Assessing an Organization Security Culture Based on ENISA Approach. In: Abraham, A., Piuri, V., Gandhi, N., Siarry, P., Kaklauskas, A., Madureira, A. (eds) Intelligent Systems Design and Applications. ISDA 2020. Advances in Intelligent Systems and Computing, vol 1351. Springer, Cham. https://doi.org/10.1007/978-3-030-71187-0_3
