Information Security Culture Critical Success Factors

Abstract

The purpose of this paper is to examine information security culture critical success factors. The current existing literature analyses have not clearly identified factors that have significant influence on information security culture adoption. This paper has examined current influential factors that could have influence information security culture creation within the organization setting. We found information security culture critical success factors to be: top management support for information security, establishing an effective information security policy, information security awareness, information security training and education, information security risk analysis and assessment, information security compliance, ethical conduct policies, and organization culture. This paper contributes to the existing knowledge by proving top critical factors that are necessary for information security culture creation in order to assist managing information security successfully.