Information security culture: A behaviour compliance conceptual framework

Conferences in Research and Practice in Information Technology Series

Volumn 105, Issue , 2010, Pages 47-55

  Alfawaz, Salahuddin ^a   Nelson, Karen ^a   Mohannak, Kavoos ^a  

^a QUEENSLAND UNIVERSITY OF TECHNOLOGY   (Australia)

Author keywords

Conceptual framework; Information security behaviour and compliance; Information security culture; Information security management

Indexed keywords

COMPLEX DYNAMICS; CONCEPTUAL FRAMEWORKS; DEPARTMENT MANAGERS; EXPLORATORY STUDIES; HUMAN BEHAVIOURS; INDIVIDUAL PREFERENCE; INFORMATION SECURITY MANAGEMENTS; INFORMATION SECURITY PRACTICE; IT STAFF; ORGANISATIONAL CULTURE; SAUDI ARABIA; SENIOR MANAGERS; SOCIAL ENVIRONMENT; SOCIAL WORK; THEORETICAL MODELS;

INDUSTRIAL MANAGEMENT; MANAGERS; SECURITY SYSTEMS;

SECURITY OF DATA;

EID: 84871230507     PISSN: 14451336     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Article

References (26)

1. Ajzen, I. (1985). From Intentions to Actions: A Theory of Planned Behavior. Springer, Heidelberg, Germany.
2. Chia, A., Ruighaver, B., and Maynard, B. (2002). Understanding organizational security culture. Proc. of PACIS2002, Japan.
3. Dhillon, G. (2001). Violation of safeguards by trusted personnel and understanding related information security concerns. Computers & Security, 20:165-172.
4. Dhillon, G., Tejay, G., and Hong, W. (2007). Identifying governance dimensions to evaluate information systems security in organizations. Proceedings of the 40th Annual Hawaii International Conference on System Sciences (HICSS'07), comuter security,IEEE.
5. Dhillon, G. and Torkzadeh (2006). Valuefocused assessment of information system security in organizations. Information Systems Journal, 16:293-314.
6. Fishbein, M. and Ajzen, I. (1975). Belief, attitude, intention and behavior: an introduction to theory and research. Addison-Wesley, Reading, MA.
7. Friedman, M. and Savage, L. (1948). The utility analysis of choices involving risk. Journal of Political Economy, 56:279-304.
8. Hofstede, G. (1984). Cultures consequences: International differences in workrelated values. Beverly Hills, CA: Sage Publications.
9. Parsons, J. (1996). An information model based on classication theory. Management Science, 42(10):1437-1453.
10. Pfeffer and Sutton (2000). How Smart Companies Turn Knowledge into Action. Harvard Business Press.
11. Ruighaver, A., Maynard, S., and Chang, S. (2007). Organisational security culture: Extending the enduser perspective. Computers & Security, 26(1):56-62.
12. Schlienger, T. and Teufel, S. (2002.). Information security culture the sociocultural dimension in information security management. FIP TC11 international conference on information security, Cairo, Egypt; 7-9 May 2002.
13. Schlienger, T. and Teufel, S. (2003). Analyzing information security culture: increased trust by an appropriate information security culture. Database and Expert Systems Applications, 2003. Proceedings. 14th International Workshop on, pages 405-409.
14. Siponen, M. (2000). Critical analysis of different approaches to minimizing userrelated faults in information systems security: implications for research and practice. Information Management & Computer Security, 8(5):197-209.
15. Siponen, M. and Oinas-Kukkonen, H. (2007). A review of information security issues and respective research contributions. SIGMIS Database, 38(1):60-80.
16. Smith, E. and Medin, D. (1981). Categoriesa nd Concepts. Harvard University Press, Cambridge, MA. Stanton, M., Stam, R., Mastrangelo, P., and Jolton,.
17. Stanton, M., Stam, R., Mastrangelo, P., and Jolton, J. (2005). Analysis of end user security behaviors. Journal of Computers and Security, 24:124-133.
18. Stout, L., Blair, and Margaret, M. (2001). Trust, trustworthiness, and the behavioral foundations of corporate law. SSRN eLibrary.
19. Straub, D. W., Carlson, P. J., and Jones, E. H. (1993). Deterring cheating by student programmers: A eld experiment in computer security. Journal of Management Systems, 5:33-48.
20. Straub, D. W. and Nance, W. D. (1990). Discovering and disciplining computer abuse in organizations: A eld study. MIS Quarterly, 14:45-62.
21. Tyler, T., Patrick, C., and Jeffrey, F. (2007). Armed, and dangerous (?): Motivating rule adherence among agents of social control. Law & Society Review.
22. von Solms, B. and von Solms, R. (2004). The 10 deadly sins of information security management. computers and security. Computers and Security, 23:371-376.
23. Vroom, C. and von Solms, R. (2004). Towards information security behavioral compliance. Computers & Security, 23(3):191-198.
24. Workman, M., Bommer, W. H., and Straub, D. (2008). Security lapses and the omission of information security measures: A threat control model and empirical test. Computers in Human Behavior, 24:2799-2816.
25. Zakaria (2004). Understanding challenges of information security culture: a methodological issue. In the second Australian information security management conference, Perth, Australia; 26 November 2004.
26. Zakaria, O. and Gani, A. (2003). A conceptual checklist of information security culture. In in 2nd European Conference on Information Warfare and Security, Reading, UK.