探讨信息安全文化影响因素的概念模型

International Journal of Security and Its Applications Pub Date : 2017-05-31 DOI:10.14257/ijsia.2017.11.5.02

Amjad Mahfuth, S. Yussof, Asmidar Abu Bakar, N. Ali, Waleed Abdallah

{"title":"探讨信息安全文化影响因素的概念模型","authors":"Amjad Mahfuth, S. Yussof, Asmidar Abu Bakar, N. Ali, Waleed Abdallah","doi":"10.14257/ijsia.2017.11.5.02","DOIUrl":null,"url":null,"abstract":"Human behavior is considered as one of the main threats in an organization. Owing to the fact that human element is the weakest link in security area, it is crucial to provide an ideal information security culture within an organization in order to guide the employees’ perception, attitudes and security behavior. Furthermore, this culture can protect an organization against many information security threats posed by the employees. In this paper, we have proposed a conceptual model exploring the factors influencing the information security culture. Those factors are Security Awareness, Security Knowledge, Belief, Top Management, Security Policy, Security Behavior , Information Security Training, Security Risk Analysis and Assessment, Security Compliance, Ethical and Legal, Trust, Technology, Change Management, People, Information Security, Security Responsibility, Process, Strategy and Environment. The aim of the conceptual model would help the researchers to develop effective solutions and to provide a suitable background for information security culture across an organization. The study recommends researchers to conduct many studies in this area to focus on and investigate each of identified factors in the conceptual model in order to improve information security culture in organizations.","PeriodicalId":46187,"journal":{"name":"International Journal of Security and Its Applications","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2017-05-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.14257/ijsia.2017.11.5.02","citationCount":"2","resultStr":"{\"title\":\"A Conceptual Model for Exploring the Factors Influencing Information Security Culture\",\"authors\":\"Amjad Mahfuth, S. Yussof, Asmidar Abu Bakar, N. Ali, Waleed Abdallah\",\"doi\":\"10.14257/ijsia.2017.11.5.02\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Human behavior is considered as one of the main threats in an organization. Owing to the fact that human element is the weakest link in security area, it is crucial to provide an ideal information security culture within an organization in order to guide the employees’ perception, attitudes and security behavior. Furthermore, this culture can protect an organization against many information security threats posed by the employees. In this paper, we have proposed a conceptual model exploring the factors influencing the information security culture. Those factors are Security Awareness, Security Knowledge, Belief, Top Management, Security Policy, Security Behavior , Information Security Training, Security Risk Analysis and Assessment, Security Compliance, Ethical and Legal, Trust, Technology, Change Management, People, Information Security, Security Responsibility, Process, Strategy and Environment. The aim of the conceptual model would help the researchers to develop effective solutions and to provide a suitable background for information security culture across an organization. The study recommends researchers to conduct many studies in this area to focus on and investigate each of identified factors in the conceptual model in order to improve information security culture in organizations.\",\"PeriodicalId\":46187,\"journal\":{\"name\":\"International Journal of Security and Its Applications\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-05-31\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"https://sci-hub-pdf.com/10.14257/ijsia.2017.11.5.02\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"International Journal of Security and Its Applications\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.14257/ijsia.2017.11.5.02\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Security and Its Applications","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.14257/ijsia.2017.11.5.02","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

摘要

人的行为被认为是组织中的主要威胁之一。鉴于人的因素是安全领域最薄弱的环节，在组织内部提供一种理想的信息安全文化，以指导员工的感知、态度和安全行为至关重要。此外，这种文化可以保护组织免受员工带来的许多信息安全威胁。在本文中，我们提出了一个概念模型，探讨了影响信息安全文化的因素。这些因素包括安全意识、安全知识、信念、最高管理层、安全政策、安全行为、信息安全培训、安全风险分析和评估、安全合规性、道德和法律、信任、技术、变革管理、人员、信息安全、安全责任、流程、战略和环境。概念模型的目的是帮助研究人员制定有效的解决方案，并为整个组织的信息安全文化提供合适的背景。该研究建议研究人员在这一领域进行许多研究，重点关注和调查概念模型中的每一个已确定因素，以改善组织中的信息安全文化。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

A Conceptual Model for Exploring the Factors Influencing Information Security Culture

Human behavior is considered as one of the main threats in an organization. Owing to the fact that human element is the weakest link in security area, it is crucial to provide an ideal information security culture within an organization in order to guide the employees’ perception, attitudes and security behavior. Furthermore, this culture can protect an organization against many information security threats posed by the employees. In this paper, we have proposed a conceptual model exploring the factors influencing the information security culture. Those factors are Security Awareness, Security Knowledge, Belief, Top Management, Security Policy, Security Behavior , Information Security Training, Security Risk Analysis and Assessment, Security Compliance, Ethical and Legal, Trust, Technology, Change Management, People, Information Security, Security Responsibility, Process, Strategy and Environment. The aim of the conceptual model would help the researchers to develop effective solutions and to provide a suitable background for information security culture across an organization. The study recommends researchers to conduct many studies in this area to focus on and investigate each of identified factors in the conceptual model in order to improve information security culture in organizations.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

International Journal of Security and Its Applications COMPUTER SCIENCE, INFORMATION SYSTEMS-

自引率

0.00%

发文量

期刊介绍： IJSIA aims to facilitate and support research related to security technology and its applications. Our Journal provides a chance for academic and industry professionals to discuss recent progress in the area of security technology and its applications. Journal Topics: -Access Control -Ad Hoc & Sensor Network Security -Applied Cryptography -Authentication and Non-repudiation -Cryptographic Protocols -Denial of Service -E-Commerce Security -Identity and Trust Management -Information Hiding -Insider Threats and Countermeasures -Intrusion Detection & Prevention -Network & Wireless Security -Peer-to-Peer Security -Privacy and Anonymity -Secure installation, generation and operation -Security Analysis Methodologies -Security assurance -Security in Software Outsourcing -Security products or systems -Security technology -Systems and Data Security