Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Information Security Culture: Definition, Frameworks and Assessment: A Systematic Literature Review
2015 (English)Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE creditsStudent thesis
Abstract [en]

Nowadays organisations operate in a global environment which enables organisations to collaborate and share information resources among themselves but at the same time exposes them to various threats both within (employees) and from outside of the organisation. Internal threat is among the top information security issues facing organisations as the human factor is regarded the weakest link in the security chain. To address this “human factor” researchers have suggested the fostering of an information security culture to address the human behaviour so that information security becomes a second nature to employees.In order to establish an information security culture in an organisation it is important to understand what the term “information security culture” means; what frameworks and models have been proposed in order to explain and establish information security culture by discussing various issues of ISC. Another important step in fostering of information security culture is the assessment of the current state of the culture in an organisation. A systematic literature review was conducted utilizing the suggested approach by Okoli and Schabram in order to investigate key literature in information security culture domain published during the period 2002-2014 to determine the most comprehensive definition of ISC; to identify frameworks covering various aspects of information security culture along with methodologies and empirical data used; and to analyse current ISC assessment approaches in order to help researchers and practitioners in selecting the most appropriate methodology for establishing, developing and assessing information security culture in an organisation.One research team was found to contribute the most to the ISC research field by providing the most comprehensive ISC definition; developing a comprehensive framework for establishing ISC in an organisation; as well as providing a validated process for assessing current state of security culture.

Place, publisher, year, edition, pages
2015. , 79 p.
Keyword [en]
Technology, Information Security Culture, Systematic Literature Review, Framework, Assessment
Keyword [sv]
Teknik
Identifiers
URN: urn:nbn:se:ltu:diva-45983Local ID: 39f754fd-11f4-4047-a72f-1acdbb33e5ffOAI: oai:DiVA.org:ltu-45983DiVA: diva2:1019291
Subject / course
Student thesis, at least 30 credits
Educational program
Computer Science and Engineering, master's level
Examiners
Note
Validerat; 20150325 (global_studentproject_submitter)Available from: 2016-10-04 Created: 2016-10-04Bibliographically approved

Open Access in DiVA

fulltext(820 kB)273 downloads
File information
File name FULLTEXT02.pdfFile size 820 kBChecksum SHA-512
346b074a3ce3cc4b13060bc84b22fb8d5e02e4c2b75f5156e356d5137bc95e46ea491630aaec74cdc6d600e2a9e1e374c7bc938a36e40d55d0d0e4b020f12e2a
Type fulltextMimetype application/pdf

Search in DiVA

By author/editor
O'Regan Pevchikh, Evgeniya

Search outside of DiVA

GoogleGoogle Scholar
Total: 273 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

Total: 195 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf