Information Security Culture: Definition, Frameworks and Assessment: A Systematic Literature Review
Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE credits
Student thesis
Nowadays organisations operate in a global environment that enables them to collaborate and share information resources among themselves, but at the same time exposes them to various threats both from within (employees) and from outside the organisation. The internal threat is among the top information security issues facing organisations, as the human factor is regarded as the weakest link in the security chain. To address this “human factor”, researchers have suggested fostering an information security culture to address human behaviour, so that information security becomes second nature to employees.

In order to establish an information security culture (ISC) in an organisation, it is important to understand what the term “information security culture” means, and what frameworks and models have been proposed to explain and establish information security culture by discussing various issues of ISC. Another important step in fostering an information security culture is the assessment of the current state of the culture in an organisation. A systematic literature review was conducted, using the approach suggested by Okoli and Schabram, to investigate key literature in the information security culture domain published during the period 2002-2014. Its aims were to determine the most comprehensive definition of ISC; to identify frameworks covering various aspects of information security culture, along with the methodologies and empirical data used; and to analyse current ISC assessment approaches, in order to help researchers and practitioners select the most appropriate methodology for establishing, developing and assessing information security culture in an organisation.

One research team was found to contribute the most to the ISC research field by providing the most comprehensive ISC definition, developing a comprehensive framework for establishing ISC in an organisation, and providing a validated process for assessing the current state of security culture.
Place, publisher, year, edition, pages
2015. 79 p.
Technology, Information Security Culture, Systematic Literature Review, Framework, Assessment
Identifiers
URN: urn:nbn:se:ltu:diva-45983
Local ID: 39f754fd-11f4-4047-a72f-1acdbb33e5ff
OAI: oai:DiVA.org:ltu-45983
DiVA: diva2:1019291
Subject / course
Student thesis, at least 30 credits
Computer Science and Engineering, master's level
Validated; 20150325 (global_studentproject_submitter)
2016-10-04 2016-10-04 Bibliographically approved