Enabling information security culture: Influences and challenges for Australian SMEs

ACIS 2010 Proceedings - 21st Australasian Conference on Information Systems

Volumn , Issue , 2010, Pages

  Dojkovski, Sneza ^a   Lichtenstein, Sharman ^a   Warren, Matthew J ^a  

^a DEAKIN UNIVERSITY   (Australia)

Author keywords

Information security; Information security culture; Small and Medium Size enterprises

Indexed keywords

INTERPRETIVE STUDY; SMALL AND MEDIUM-SIZE ENTERPRISE;

INDUSTRY; INFORMATION SYSTEMS; RISK MANAGEMENT;

SECURITY OF DATA;

EID: 84870387829     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (36)

1. Albrechtsen, E. and Hovden, J. 2009. "The information security digital divide between information security managers and users" Computers & Security (28:6), pp 476-490.
2. ABS (Australian Bureau of Statistics). 2001. 1321.0-Small Business in Australia.
3. Barlett, Y. and Fomin, V.V. 2008. "Exploring the Suitability of IS Security Management Standards for SMEs" in Proceedings of 2008 Hawaii International Conference on System Sciences, Hawaii, USA.
4. Beachboard. J., Cole, A., Mellor, M. and Hernandez, S. 2008. "Improving Information Security Risk Analysis Practices for Small-and Medium-Sized Enterprises: A Research Agenda Setting Knowledge Free" Journal of Issues in Informing Science and Information Technology (5).
5. Besnard, D. and Arief, B. 2004. "Computer Security Impaired by Legitimate Users" Computers & Security (23:1), pp 253-264.
6. BIS (2008) 2008 Information Security Breaches, Department of Business, Innovation and Skills, UK.
7. Chia, P.A., Maynard, S.B. and Ruighaver, A.B. 2002. "Exploring Organisational Security Culture: Developing A Comprehensive Research Model" Proceedings of IS ONE World Conference, Las Vegas, USA.
8. D'Arcy, J., Hovav, A. and Galletta, D.F. 2009. "User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence Approach" Information Systems Research (20:1), pp 79-98.
9. D'Arcy, J., and Greene, G. 2009. "The Multifaceted Nature of Security Culture and Its Influence on EndUser Behavior" Proceedings of IFIP TC 8 International Workshop on Information Systems Security Research, Cape Town, South Africa.
10. Dimopoulos, V., Furnell, S.M., Jennex, M. and Kritharas, I. 2004, "Approaches to IT Security in Small and Medium Enterprises" Proceedings of the 2nd Australian Information Security Management Conference, Perth, Australia.
11. Furnell, S.M., Gennatou, M. and Dowland, P.S. 2000. "Promoting Security Awareness and Training within Small Organisations" Proceedings of the 1st Australian Information Security Management Workshop, Geelong, Australia.
12. Furnell, S.M. and Clarke, N.L. 2005. "Organisational Security Culture: Embedding Security Awareness, Education and Training" Proceedings of the 4th World Conference on Information Security Education, Moscow, Russia.
13. Galletta, D.F. and Polak, P. 2003. "An Empirical Investigation of Antecedents of Internet Abuse in the Workplace". Proceedings of AIS SIG-HCI Workshop. Seattle, USA.
14. Gerber, M. and von Solms, R. 2005. "Management of risk in the information age" Computers & Security (24:1), pp 16-30.
15. Gupta, A. and Hammond, R. 2005. "Information systems security issues and decisions for small businesses" Information Management & Computer Security (13:4), pp 297-310.
16. Helokunnas, T. and Iivonen, I. 2003. Information Security Culture in Small and Medium Size Enterprises, Seminar Presentation, Institute of Business Information Management, Tampere University of Technology, Finland.
17. Helokunnas, T. and Kuusisto, R. 2003. "Information security culture in a value net" Proceedings of the 2003 IEEE International Engineering Management Conference, Albany, New York, USA.
18. Hofstede, G. 1991. "Cultural constraints in management theories" The Executive (7:1), pp 81-94.
19. Kraemer, S. and Carayon, P. 2007. "Human errors and violations in computer and information security: The viewpoint of network administrators and security specialists" Applied Ergonomics (38), pp 143-154.
20. thMay, 2010, from http://www.westga.edu/~distance/ojdla/fall103/berge103.htm
21. Lee, Y. and Larson, K.R. 2009. "Threat or coping appraisal: determinants of SMB executives' decision to adopt anti-malware software" European Journal of Information Systems (18), pp 177-187.
22. Martinez-Moyano, I.J., Rich, E., Contrad, S., Andersen, D.F. and Stewart, T.R. 2008. "A behavioral theory of insider-threat risks: A system dynamics approach" ACM Transactions on Modeling and Computer Simulation (18:2), Article 7.
23. Martins, A. and Eloff, J.H.P. 2002. "Information Security Culture" in Proceedings of the International Conference on Information Security, Cairo, Egypt.
24. Myyry, L., Siponen, M., Pahnila, S., Vertianen, T. and Vance, A. 2009. "What levels of moral reasoning and values explain adherence to information security rules? An empirical study European Journal of Information Systems (18), pp 126-139.
25. O'Halloran, J. (2003), "ICT business management for SMEs" Computer Weekly, December 11. PWC (Price Waterhouse Coopers). 2008. "Safeguarding the New Currency of Business" Price Waterhouse Coopers.
26. Richardson, R. 2008. "CSI Computer Crime & Security Survey" Computer Security Institute, San Francisco.
27. Schlienger, T. and Teufel, S. 2003. "Information Security Culture-From Analysis to Change" Proceedings of 3rd Annual Information Security South African Conference. Johannesburg, South Africa.
28. thMay, 2010, from http://www.staysmartonline.gov.au/small-business-security
29. Symantec. 2009. "2009 Global Small and Mid-sized Business (SMB) Security and Storage survey" Computerworld, Retrieved 12th May, 2010, from http://www.computerworld.com.au/article/302806/symantec_survey_reveals_more_than_half_small_midsize d_businesses_australia_new_zealand_experience
30. Thomson, K., Von Solms, R. and Louw, L. 2006. "Cultivating an organizational information security culture" Computers Fraud & Security (10), pp 7-11.
31. Van Muijen, J.J. and Koopman, P.L. 1994. "The influence of national culture on organizational culture: A comparative study between 10 countries" European Journal of Work and Organizational Psychology (4:4), pp 367-380.
32. van Niekerk, JC and von Solms, R. 2003. "Establishing an Information Security Culture in Organisations: an Outcomes-based Education Approach" Proceedings of 3rd Annual Information Security South African Conference, Johannesburg, South Africa.
33. Vitell, S. J., Nwachukwu, S. L., and Barnes, J. H. 1993. "The effects of culture on ethical decision-making: An application of Hofstede's typology" Journal of Business Ethics (12), pp 753-760.
34. Walsham, G. 1995. "The Emergence of Interpretivism in IS Research" Information Systems Research, (6:4), pp. 376-394.
35. Wang, M. 2009. "Integrating organizational, social, and individual perspectives in Web 2.0-based workplace elearning" Information Systems Frontiers (9:4), pp 343-358.
36. Warkentin, M., and Willison, R. 2009. "Behavioral and policy issues in information systems security: The insider threat" European Journal of Information Systems (18), pp 101-105.