Information security culture: literature review
AuthorO'BRIEN, JESSICA; Islam, Sabbir; Bao, Senjie; Weng, Fangren; Xiong, Wenjia; Ma, Anhua
AffiliationEngineering - Computing and Information Systems
Document TypeWorking Paper
CitationsO’Brien, J., Islam, S., Bao, S., Weng, F., Xiong, W., & Ma, A. (2013). Information security culture: literature review. Melbourne, The University of Melbourne.
Access StatusOpen Access
© 2013 The authors
An organisational culture that is information security aware will minimise risks to information assets and specifically reduce the risk of employee misbehaviour and harmful interaction with information assets. With the rise of mobility and BYOD, organisations require guidance in establishing an information security-aware or implementing an appropriately stringent information security culture. Various bodies of literature exist to address the issues that employee behaviour could pose when exposed to the diverse and complex world of BYOD. However, published articles that focus specifically on the relationship between the BYOD wave and the influence it has on the culture in an organisation are limited. Organisations therefore have need of a call for further research on pertinent issues within this area of information security culture. Organisations should understand that the consumer world moves much faster than the enterprise world; the challenge is to try and keep up. There is a need to support repeated platform renewals and mass switching - companies are forever playing catch up and running six to twelve months behind the market. Organisations need to shift the perimeter from the network barriers back towards the information itself. Mobility completely defies this view, and people respond to that. The objective of this paper is to examine how BYOD influences security culture in organisations, discuss findings and apply them to new but untested sights, paving the way for areas for further research. The paper has been divided into the following sections. First, the authors review previous relevant research on both information security culture as well as cultural issues surrounding mobility and BYOD. Second, they deliver what the literature review called out to the group as three pertinent cultural issues surrounding mobility in the workforce. Third, they discuss the results of the review and apply them towards new but untested ideas. In the final section, they discuss contributions, and conclude by emphasizing further research direction in the area.
Keywordsinformation security; Bring Your Own Device; BYOD; employee behaviour
- Click on "Export Reference in RIS Format" and choose "open with... Endnote".
- Click on "Export Reference in RIS Format". Login to Refworks, go to References => Import References