A Behavioural Compliance Framework for Effective Cybersecurity Governance and Practice

Onumo, Aristotle O.

January 2020

Although behavioural security constructs have received extensive scholarly attention, the unpredictability of human behaviour has continued to add to the complexity of deploying effective countermeasures. Cross-cultural behavioural approach aimed at improving security compliance and practice have equally remained under-researched, a gap in literature this thesis addresses. This thesis argues that in order to establish a sound and efficient organisational security practice, it is necessary to integrate the various interdisciplinary component in a socio-cultural context. The goal of the thesis, therefore, is to examine the role of culture in cybersecurity development and organisational security practice. The study first used a group comparism approach, classification and examination of archival data from International Telecommunication Union (ITU), International Organisation of Standards (ISO), and Hofstede cultural score and further deployed structural equation modelling (SEM) to analyse data from a case study of 122 employees from three public sector information technology organisation in Nigeria. Drawing evidence from the case studies, an emergent conceptual model was developed from the traditional human behaviour and organisational security practice. The model contribute to information security management by by identifying organisational triggers related to cultural and cognitive dynamics in information security practice. The model was developed by combining three theoretical frameworks. The out- come of the case studies demonstrates that accountability to specific security practice is a product of integrated management of employee cognitive and cultural dynamics and by dimensionalising organisational culture, the individual capacity to respond to emerging security threats also evolved, while targeted security programs to enhance the efficiency of organisational security practice is achieved. This research, by exposing the underlying institutional drivers and ideational dynamics on individual security behaviour contribute to theory building of behavioural security research within organisational context. The research reports on the theory of integration as a demonstration of explanatory flexibility not normally associated with behaviour security models thereby providing a sound theoretical and ideational support for incorporating different theoretical frameworks into a single model. This is an original endeavour and s such makes a number of contribution to the scholarship. The findings in this research have implications for policymakers and practitioners by elevating the importance of cultural and cognitive dynamics by enhancing operational clarity in organisational security practice and presenting opportunity to develop a creative and robust solution to the challenge of organisational security in line with cultural peculiarities.

Organisational security practice

Structural equation modeling

Cybersecurity

Organisational culture

Cybersecurity compliance

Automating Security Risk and Requirements Management for Cyber-Physical Systems

Hansch, Gerhard

15 October 2020

No description available.

510

Management von Sicherheitsrisiken

Generieren von Sicherheitsanforderungen

IT-Sicherheitsmanagement

Kontinuierliches Risikomanagement

Cybersecurity engineering

Security risk management

Machine-readable security requirements

Risk-driven security

Security engineering

Security requirements

Security risk assessment

Security risk mitigation

Security risk monitoring

Cybersecurity compliance

Automotive security

CPS security

IIoT security

OT security

Informatik (PPN619939052)