Amjad Mahfuth, S. Yussof, Asmidar Abu Bakar, N. Ali, Waleed Abdallah
A Conceptual Model for Exploring the Factors Influencing Information Security Culture
International Journal of Security and Its Applications
Publication date: 2017-05-31
DOI: https://doi.org/10.14257/ijsia.2017.11.5.02
Citations: 2
Abstract
Human behavior is considered one of the main threats in an organization. Because the human element is the weakest link in security, it is crucial to provide an ideal information security culture within an organization in order to guide employees' perceptions, attitudes and security behavior. Furthermore, this culture can protect an organization against many information security threats posed by its employees. In this paper, we propose a conceptual model exploring the factors that influence information security culture. Those factors are Security Awareness, Security Knowledge, Belief, Top Management, Security Policy, Security Behavior, Information Security Training, Security Risk Analysis and Assessment, Security Compliance, Ethical and Legal, Trust, Technology, Change Management, People, Information Security, Security Responsibility, Process, Strategy and Environment. The conceptual model aims to help researchers develop effective solutions and to provide a suitable background for information security culture across an organization. The study recommends that researchers conduct many studies in this area to focus on and investigate each of the identified factors in the conceptual model in order to improve information security culture in organizations.
About the journal:
IJSIA aims to facilitate and support research related to security technology and its applications. Our Journal provides a chance for academic and industry professionals to discuss recent progress in the area of security technology and its applications.
Journal Topics:
-Access Control
-Ad Hoc & Sensor Network Security
-Applied Cryptography
-Authentication and Non-repudiation
-Cryptographic Protocols
-Denial of Service
-E-Commerce Security
-Identity and Trust Management
-Information Hiding
-Insider Threats and Countermeasures
-Intrusion Detection & Prevention
-Network & Wireless Security
-Peer-to-Peer Security
-Privacy and Anonymity
-Secure installation, generation and operation
-Security Analysis Methodologies
-Security assurance
-Security in Software Outsourcing
-Security products or systems
-Security technology
-Systems and Data Security