An Investigation of the Factors That Influence Information Security Culture in Government Organizations in Bhutan

Abstract

ABSTRACT Organizations make large investments to secure data and networks, but information security breaches as a result of insiders continue to rise. One possible contributor to this is poor information security culture. This study investigated the key factors that contribute to effective information security culture in government organizations in Bhutan and how information security culture influences employee security behavior. A research model was developed for the study based on an analysis of the information security literature. Data was collected using an online survey of 181 government employees. Senior management support, information security policy, training and awareness campaigns, interpersonal trust, and job- versus employee-oriented organizational culture were all found to influence information security culture, and information security culture contributed to information security behavior. The study extends understanding of the roles of trust and different dimensions of organizational culture in improving information security culture and behavior. The findings should help government policy makers and information security practitioners when developing information security strategies and programs.