Information Security Culture: Definition, Frameworks and Assessment: A Systematic Literature Review
2015 (English). Independent thesis, Advanced level (degree of Master (Two Years)), 20 credits / 30 HE credits. Student thesis
Abstract [en]

Organisations today operate in a global environment that enables them to collaborate and share information resources, but at the same time exposes them to various threats from both inside (employees) and outside the organisation. Internal threats are among the top information security issues facing organisations, as the human factor is regarded as the weakest link in the security chain. To address this “human factor”, researchers have suggested fostering an information security culture (ISC) to address human behaviour so that information security becomes second nature to employees.

To establish an information security culture in an organisation, it is important to understand what the term “information security culture” means and which frameworks and models have been proposed to explain and establish information security culture by discussing various issues of ISC. Another important step in fostering an information security culture is assessing the current state of the culture in the organisation.

A systematic literature review was conducted, following the approach suggested by Okoli and Schabram, to investigate key literature in the information security culture domain published during the period 2002-2014. The aims were to determine the most comprehensive definition of ISC; to identify frameworks covering various aspects of information security culture, along with the methodologies and empirical data used; and to analyse current ISC assessment approaches, in order to help researchers and practitioners select the most appropriate methodology for establishing, developing and assessing information security culture in an organisation.

One research team was found to contribute the most to the ISC research field by providing the most comprehensive ISC definition, developing a comprehensive framework for establishing ISC in an organisation, and providing a validated process for assessing the current state of security culture.

Place, publisher, year, edition, pages
2015. 79 p.
Keyword [en]
Technology, Information Security Culture, Systematic Literature Review, Framework, Assessment
Keyword [sv]
URN: urn:nbn:se:ltu:diva-45983
Local ID: 39f754fd-11f4-4047-a72f-1acdbb33e5ff
OAI: diva2:1019291
Subject / course
Student thesis, at least 30 credits
Educational program
Computer Science and Engineering, master's level
Validated; 20150325 (global_studentproject_submitter)
Available from: 2016-10-04
Created: 2016-10-04
Bibliographically approved

Open Access in DiVA

fulltext (820 kB), 0 downloads
File information
File name: FULLTEXT02.pdf
File size: 820 kB
Checksum SHA-512
Type: fulltext
Mimetype: application/pdf

Author/editor: O'Regan Pevchikh, Evgeniya
