Understanding Information Security Culture: A Survey in Small and Medium Sized Enterprises
Information security is a relevant concern for today's organizations. Several factors are inextricably linked to this issue, and one cannot talk about information security in an organization without addressing and understanding the information security culture of that institution. Maximizing the organizational culture within an organization will help safeguard information security. To do that, we need to understand which factors inhibit it and which enable it. This paper helps identify those factors by presenting the results of a survey on information security culture in small and medium sized enterprises (SMEs). We discuss the results in the light of related literature, and we identify future work aimed at enhancing information security within organizations.
Keywords: Security Culture; Information Security; Small and Medium Sized Enterprises; Information Security Culture