Abstract

This paper proposes how organisations may attend to key factors influencing organisational culture to facilitate and nurture a well-prepared information security culture. Organisational culture is the formative part of organisational behaviour, establishing the social interaction norms, best practices and processes required to achieve organisational objectives. In defining what organisational culture is, and by recognising what a worthy culture should entail, companies may increase opportunities to detect problems, design solutions and develop healthier environments. Employees have accord in decision making and experience a shared understanding of how to accomplish organisational goals. The organisation’s cultural orientation dictates the acceptable system and leadership behaviours expected to effectively achieve enterprise strategy; ultimately, employee behaviour and interaction become defined by such orientation. Attempts to change organisational culture is problematic, since organisational culture often lives on long after founders depart, leaders exit, and products and services cease. Hence, organisational culture may become static. Understanding the organisation’s culture is valuable in managing responses to security challenges, since awareness of the organisation’s cultural profile helps in recognising the organisation’s readiness in dealing with dynamic security hazards. Information security culture, a sub-culture of organisational culture, represents the employee’s behaviour and attitude toward information security. The Information Security Culture Framework offers a model to assess the organisation’s status (resiliency and readiness) of its information security culture and mitigate security issues heightened by human error. Adopting a dynamic information security culture fosters beneficial change necessary to confront and diminish security threats. By promoting information security consciousness and focused security awareness to address dynamic information security threats, organisations may achieve a robust information security culture.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.