Information Security Culture Model. A Case Study

W. Marchand-Niño, Héctor Huamán Samaniego
2021 XLVII Latin American Computing Conference (CLEI), pp. 1-10. Published 2021-10-25.
DOI: 10.1109/CLEI53233.2021.9639939 (https://doi.org/10.1109/CLEI53233.2021.9639939)

Abstract

This research covers the problem related to user behavior and its relationship with the protection of computer assets in terms of confidentiality, integrity, and availability. The main objective was to evaluate the relationship between the dimensions of awareness, compliance and appropriation of the information security culture and the asset protection variable. The ISCA diagnostic instrument was applied, and social engineering techniques were incorporated into this process. The results show the levels of awareness, compliance and appropriation at the university considered as a case study; these oscillate between the second and third of four levels. Similarly, performance regarding asset protection ranges from low to medium. It was concluded that there is a significant relationship between the variables of the investigation, verifying that, of the total types of incidents registered in the case study, approximately 69% are associated with human behavior. As a contribution, an information security culture model was formulated whose main characteristic is a complementary diagnostic process between surveys and social engineering techniques. The model also includes the information security management system, risk management and security incident handling as part of the information security culture ecosystem in an enterprise.