Information security culture: literature review

    Thumbnail
    Download
    Citations
    Altmetric
    Author
    O'BRIEN, JESSICA; Islam, Sabbir; Bao, Senjie; Weng, Fangren; Xiong, Wenjia; Ma, Anhua
    Date
    2013
    University of Melbourne Author/s
    Bao, Senjie; O'BRIEN, JESSICA
    Affiliation
    Engineering - Computing and Information Systems
    Metadata
    Show full item record
    Document Type
    Working Paper
    Citations
    O’Brien, J., Islam, S., Bao, S., Weng, F., Xiong, W., & Ma, A. (2013). Information security culture: literature review. Melbourne, The University of Melbourne.
    Access Status
    Open Access
    URI
    http://hdl.handle.net/11343/33336
    Description

    © 2013 The authors
    Abstract
    An organisational culture that is information security aware will minimise risks to information assets and specifically reduce the risk of employee misbehaviour and harmful interaction with information assets. With the rise of mobility and BYOD, organisations require guidance in establishing an information security-aware or implementing an appropriately stringent information security culture. Various bodies of literature exist to address the issues that employee behaviour could pose when exposed to the diverse and complex world of BYOD. However, published articles that focus specifically on the relationship between the BYOD wave and the influence it has on the culture in an organisation are limited. Organisations therefore have need of a call for further research on pertinent issues within this area of information security culture. Organisations should understand that the consumer world moves much faster than the enterprise world; the challenge is to try and keep up. There is a need to support repeated platform renewals and mass switching - companies are forever playing catch up and running six to twelve months behind the market. Organisations need to shift the perimeter from the network barriers back towards the information itself. Mobility completely defies this view, and people respond to that. The objective of this paper is to examine how BYOD influences security culture in organisations, discuss findings and apply them to new but untested sights, paving the way for areas for further research. The paper has been divided into the following sections. First, the authors review previous relevant research on both information security culture as well as cultural issues surrounding mobility and BYOD. Second, they deliver what the literature review called out to the group as three pertinent cultural issues surrounding mobility in the workforce. Third, they discuss the results of the review and apply them towards new but untested ideas. In the final section, they discuss contributions, and conclude by emphasizing further research direction in the area.
    Keywords
    information security; Bring Your Own Device; BYOD; employee behaviour

    Export Reference in RIS Format     

    Collections