Loading…
Cultivating security culture for information security success: A mixed-methods study based on anthropological perspective
The continuous information security failures in organizations have led focus toward organizational culture. It is argued that the development of culture of information security would subsequently lead to a secure organization. However, limited studies have been conducted to understand information se...
Saved in:
| Published in: | Information & management 2023-04, Vol.60 (3), p.103751, Article 103751 |
|---|---|
| Main Authors: | , |
| Format: | Article |
| Language: | English |
| Subjects: | |
| Citations: | Items that this one cites Items that cite this one |
| Online Access: | Get full text |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| cited_by | cdi_FETCH-LOGICAL-c294t-8adfb3ec1a5a3de82f5784261792822edca30897097adb3bc0dd557255ac15453 |
|---|---|
| cites | cdi_FETCH-LOGICAL-c294t-8adfb3ec1a5a3de82f5784261792822edca30897097adb3bc0dd557255ac15453 |
| container_end_page | |
| container_issue | 3 |
| container_start_page | 103751 |
| container_title | Information & management |
| container_volume | 60 |
| creator | Tejay, Gurvirender P.S. Mohammed, Zareef A. |
| description | The continuous information security failures in organizations have led focus toward organizational culture. It is argued that the development of culture of information security would subsequently lead to a secure organization. However, limited studies have been conducted to understand information security culture. This study aims to understand information security culture and its impact on success with information security efforts in an organization. The research model is based on the theory of primary message systems, which is an established theory from the anthropology discipline. We followed a mixed-methods research design involving two phases of the study. In the first phase, 25 semi-structured interviews with experienced cybersecurity practitioners were conducted to develop the research model. The second phase empirically validated the research model using survey data from 473 participants who completed a web-based survey in Southeast USA from multiple companies. For data analysis, we employed Partial Least Squares - Structural Equation Modeling using SmartPLS. Our findings indicate that group cohesiveness, professional code, information security awareness, and informal work practices have significant influence on information security culture. Further, the security culture has positive impact on information security success perception. The contribution of this research lies in establishing the role of security culture and information security awareness in contributing toward information security success. |
| doi_str_mv | 10.1016/j.im.2022.103751 |
| format | article |
| fullrecord | <record><control><sourceid>elsevier_cross</sourceid><recordid>TN_cdi_crossref_primary_10_1016_j_im_2022_103751</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><els_id>S0378720622001598</els_id><sourcerecordid>S0378720622001598</sourcerecordid><originalsourceid>FETCH-LOGICAL-c294t-8adfb3ec1a5a3de82f5784261792822edca30897097adb3bc0dd557255ac15453</originalsourceid><addsrcrecordid>eNp1UMtqwzAQFKWFpmnvPeoHnOoRRXJuIfQFgV7as5CldaJgW0ayQ_33VUihp-5hlx1mdodB6JGSBSV09XRc-HbBCGN55VLQKzSjSrJCCk6u0SxjqpCMrG7RXUpHkkuW5QxN27EZ_MkMvtvjBHaMfpiwzeAYAdchYt_l3mZC6P4IabQWUlrjDW79N7iiheEQXMJpGN2EK5PA4Sww3XCIoQ9N2HtrGtxDTD3Y_BHu0U1tmgQPv3OOvl6eP7dvxe7j9X272RWWlcuhUMbVFQdLjTDcgWK1kGrJVlSWTDEGzhpOVClJKY2reGWJc0JIJoSxVCwFnyNyuWtjSClCrfvoWxMnTYk-R6eP2rf6HJ2-RJcl64sEsq-Th6iT9dBZcD5m89oF_7_4B_4neY0</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype></control><display><type>article</type><title>Cultivating security culture for information security success: A mixed-methods study based on anthropological perspective</title><source>ScienceDirect Freedom Collection 2022-2024</source><creator>Tejay, Gurvirender P.S. ; Mohammed, Zareef A.</creator><creatorcontrib>Tejay, Gurvirender P.S. ; Mohammed, Zareef A.</creatorcontrib><description>The continuous information security failures in organizations have led focus toward organizational culture. It is argued that the development of culture of information security would subsequently lead to a secure organization. However, limited studies have been conducted to understand information security culture. This study aims to understand information security culture and its impact on success with information security efforts in an organization. The research model is based on the theory of primary message systems, which is an established theory from the anthropology discipline. We followed a mixed-methods research design involving two phases of the study. In the first phase, 25 semi-structured interviews with experienced cybersecurity practitioners were conducted to develop the research model. The second phase empirically validated the research model using survey data from 473 participants who completed a web-based survey in Southeast USA from multiple companies. For data analysis, we employed Partial Least Squares - Structural Equation Modeling using SmartPLS. Our findings indicate that group cohesiveness, professional code, information security awareness, and informal work practices have significant influence on information security culture. Further, the security culture has positive impact on information security success perception. The contribution of this research lies in establishing the role of security culture and information security awareness in contributing toward information security success.</description><identifier>ISSN: 0378-7206</identifier><identifier>EISSN: 1872-7530</identifier><identifier>DOI: 10.1016/j.im.2022.103751</identifier><language>eng</language><publisher>Elsevier B.V</publisher><subject>Empowerment ; Group cohesiveness ; Information security culture ; Mixed-methods approach ; Professional codes ; Security awareness ; Security success</subject><ispartof>Information & management, 2023-04, Vol.60 (3), p.103751, Article 103751</ispartof><rights>2022</rights><lds50>peer_reviewed</lds50><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c294t-8adfb3ec1a5a3de82f5784261792822edca30897097adb3bc0dd557255ac15453</citedby><cites>FETCH-LOGICAL-c294t-8adfb3ec1a5a3de82f5784261792822edca30897097adb3bc0dd557255ac15453</cites><orcidid>0000-0003-3135-4699</orcidid></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><link.rule.ids>314,780,784,27924,27925</link.rule.ids></links><search><creatorcontrib>Tejay, Gurvirender P.S.</creatorcontrib><creatorcontrib>Mohammed, Zareef A.</creatorcontrib><title>Cultivating security culture for information security success: A mixed-methods study based on anthropological perspective</title><title>Information & management</title><description>The continuous information security failures in organizations have led focus toward organizational culture. It is argued that the development of culture of information security would subsequently lead to a secure organization. However, limited studies have been conducted to understand information security culture. This study aims to understand information security culture and its impact on success with information security efforts in an organization. The research model is based on the theory of primary message systems, which is an established theory from the anthropology discipline. We followed a mixed-methods research design involving two phases of the study. In the first phase, 25 semi-structured interviews with experienced cybersecurity practitioners were conducted to develop the research model. The second phase empirically validated the research model using survey data from 473 participants who completed a web-based survey in Southeast USA from multiple companies. For data analysis, we employed Partial Least Squares - Structural Equation Modeling using SmartPLS. Our findings indicate that group cohesiveness, professional code, information security awareness, and informal work practices have significant influence on information security culture. Further, the security culture has positive impact on information security success perception. The contribution of this research lies in establishing the role of security culture and information security awareness in contributing toward information security success.</description><subject>Empowerment</subject><subject>Group cohesiveness</subject><subject>Information security culture</subject><subject>Mixed-methods approach</subject><subject>Professional codes</subject><subject>Security awareness</subject><subject>Security success</subject><issn>0378-7206</issn><issn>1872-7530</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2023</creationdate><recordtype>article</recordtype><recordid>eNp1UMtqwzAQFKWFpmnvPeoHnOoRRXJuIfQFgV7as5CldaJgW0ayQ_33VUihp-5hlx1mdodB6JGSBSV09XRc-HbBCGN55VLQKzSjSrJCCk6u0SxjqpCMrG7RXUpHkkuW5QxN27EZ_MkMvtvjBHaMfpiwzeAYAdchYt_l3mZC6P4IabQWUlrjDW79N7iiheEQXMJpGN2EK5PA4Sww3XCIoQ9N2HtrGtxDTD3Y_BHu0U1tmgQPv3OOvl6eP7dvxe7j9X272RWWlcuhUMbVFQdLjTDcgWK1kGrJVlSWTDEGzhpOVClJKY2reGWJc0JIJoSxVCwFnyNyuWtjSClCrfvoWxMnTYk-R6eP2rf6HJ2-RJcl64sEsq-Th6iT9dBZcD5m89oF_7_4B_4neY0</recordid><startdate>202304</startdate><enddate>202304</enddate><creator>Tejay, Gurvirender P.S.</creator><creator>Mohammed, Zareef A.</creator><general>Elsevier B.V</general><scope>AAYXX</scope><scope>CITATION</scope><orcidid>https://orcid.org/0000-0003-3135-4699</orcidid></search><sort><creationdate>202304</creationdate><title>Cultivating security culture for information security success: A mixed-methods study based on anthropological perspective</title><author>Tejay, Gurvirender P.S. ; Mohammed, Zareef A.</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c294t-8adfb3ec1a5a3de82f5784261792822edca30897097adb3bc0dd557255ac15453</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2023</creationdate><topic>Empowerment</topic><topic>Group cohesiveness</topic><topic>Information security culture</topic><topic>Mixed-methods approach</topic><topic>Professional codes</topic><topic>Security awareness</topic><topic>Security success</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Tejay, Gurvirender P.S.</creatorcontrib><creatorcontrib>Mohammed, Zareef A.</creatorcontrib><collection>CrossRef</collection><jtitle>Information & management</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Tejay, Gurvirender P.S.</au><au>Mohammed, Zareef A.</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Cultivating security culture for information security success: A mixed-methods study based on anthropological perspective</atitle><jtitle>Information & management</jtitle><date>2023-04</date><risdate>2023</risdate><volume>60</volume><issue>3</issue><spage>103751</spage><pages>103751-</pages><artnum>103751</artnum><issn>0378-7206</issn><eissn>1872-7530</eissn><abstract>The continuous information security failures in organizations have led focus toward organizational culture. It is argued that the development of culture of information security would subsequently lead to a secure organization. However, limited studies have been conducted to understand information security culture. This study aims to understand information security culture and its impact on success with information security efforts in an organization. The research model is based on the theory of primary message systems, which is an established theory from the anthropology discipline. We followed a mixed-methods research design involving two phases of the study. In the first phase, 25 semi-structured interviews with experienced cybersecurity practitioners were conducted to develop the research model. The second phase empirically validated the research model using survey data from 473 participants who completed a web-based survey in Southeast USA from multiple companies. For data analysis, we employed Partial Least Squares - Structural Equation Modeling using SmartPLS. Our findings indicate that group cohesiveness, professional code, information security awareness, and informal work practices have significant influence on information security culture. Further, the security culture has positive impact on information security success perception. The contribution of this research lies in establishing the role of security culture and information security awareness in contributing toward information security success.</abstract><pub>Elsevier B.V</pub><doi>10.1016/j.im.2022.103751</doi><orcidid>https://orcid.org/0000-0003-3135-4699</orcidid></addata></record> |
| fulltext | fulltext |
| identifier | ISSN: 0378-7206 |
| ispartof | Information & management, 2023-04, Vol.60 (3), p.103751, Article 103751 |
| issn | 0378-7206 1872-7530 |
| language | eng |
| recordid | cdi_crossref_primary_10_1016_j_im_2022_103751 |
| source | ScienceDirect Freedom Collection 2022-2024 |
| subjects | Empowerment Group cohesiveness Information security culture Mixed-methods approach Professional codes Security awareness Security success |
| title | Cultivating security culture for information security success: A mixed-methods study based on anthropological perspective |
| url | http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-06T03%3A02%3A02IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-elsevier_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Cultivating%20security%20culture%20for%20information%20security%20success:%20A%20mixed-methods%20study%20based%20on%20anthropological%20perspective&rft.jtitle=Information%20&%20management&rft.au=Tejay,%20Gurvirender%20P.S.&rft.date=2023-04&rft.volume=60&rft.issue=3&rft.spage=103751&rft.pages=103751-&rft.artnum=103751&rft.issn=0378-7206&rft.eissn=1872-7530&rft_id=info:doi/10.1016/j.im.2022.103751&rft_dat=%3Celsevier_cross%3ES0378720622001598%3C/elsevier_cross%3E%3Cgrp_id%3Ecdi_FETCH-LOGICAL-c294t-8adfb3ec1a5a3de82f5784261792822edca30897097adb3bc0dd557255ac15453%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true |