Cultivating security culture for information security success: A mixed-methods study based on anthropological perspective

The continuous information security failures in organizations have led focus toward organizational culture. It is argued that the development of culture of information security would subsequently lead to a secure organization. However, limited studies have been conducted to understand information se...

Full description

Saved in:
Bibliographic Details
Published in:Information & management 2023-04, Vol.60 (3), p.103751, Article 103751
Main Authors: Tejay, Gurvirender P.S., Mohammed, Zareef A.
Format: Article
Language:English
Subjects:
Empowerment
Group cohesiveness
Information security culture
Mixed-methods approach
Professional codes
Security awareness
Security success
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:The continuous information security failures in organizations have led focus toward organizational culture. It is argued that the development of culture of information security would subsequently lead to a secure organization. However, limited studies have been conducted to understand information security culture. This study aims to understand information security culture and its impact on success with information security efforts in an organization. The research model is based on the theory of primary message systems, which is an established theory from the anthropology discipline. We followed a mixed-methods research design involving two phases of the study. In the first phase, 25 semi-structured interviews with experienced cybersecurity practitioners were conducted to develop the research model. The second phase empirically validated the research model using survey data from 473 participants who completed a web-based survey in Southeast USA from multiple companies. For data analysis, we employed Partial Least Squares - Structural Equation Modeling using SmartPLS. Our findings indicate that group cohesiveness, professional code, information security awareness, and informal work practices have significant influence on information security culture. Further, the security culture has positive impact on information security success perception. The contribution of this research lies in establishing the role of security culture and information security awareness in contributing toward information security success.
ISSN:0378-7206
1872-7530
DOI:10.1016/j.im.2022.103751