• Refine Query
  • Source
  • Publication year
  • to
  • Language
  • 13
  • 2
  • 2
  • 1
  • 1
  • Tagged with
  • 24
  • 24
  • 17
  • 8
  • 7
  • 7
  • 7
  • 7
  • 7
  • 6
  • 6
  • 6
  • 6
  • 6
  • 6
  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
1

Cultivating and assessing information security culture

Da Veiga, Adele 24 April 2009 (has links)
The manner in which employees perceive and interact (behave) with controls implemented to protect information assets is one of the main threats to the protection of such assets and the effective use of information security controls. Should the interaction not be conducive to the protection of the information assets, it could have a profound impact on the profit of an organisation, productive working hours could be lost, confidential information might be disclosed to unauthorised people and compliance with legal and regulatory regulations could be affected - all this, despite the fact that adequate technical and procedural controls might be in place. Current research highlights the importance of a strong information security culture to address the threat that employee behaviour poses to the protection of information assets. Various research perspectives propose how an acceptable level of information security culture should be cultivated, and how to assess this culture to determine whether it is on an acceptable level. These approaches are however not adequate to cultivate information security culture, as all the relevant information security components and the influences on the information security culture have to be considered. This leads to the question as to whether the assessment instruments proposed to assess the information security culture are indeed adequate and valid. The main contribution of this research relates to the development of an information security culture framework and process consisting of an assessment instrument to assess information security culture. In order to develop the information security culture framework, the researcher developed a Comprehensive Information Security Framework (CISF) that equips organisations with a holistic approach to the implementation of information security. The framework provides a single point of reference for the governance of information security. The Information Security Culture Framework (ISCF) is developed using the CISF as foundation. The ISCF can be used by organisations to cultivate an information security culture conducive to the protection of information assets. It considers all the components required for information security culture, namely information security, organisational culture and organisational behaviour. It integrates the aforementioned concepts and illustrates the influence between the components. The ISCF further serves as a basis for designing an information security culture assessment instrument. This instrument is incorporated as part of an Information Security Culture Assessment process (lSCULA) defined by the researcher. ISCULA provides management with the steps to conduct an information security culture assessment, as well as the steps to validate the assessment instrument. The application of ISCULA is tested in an empirical study conducted in an organisation. It illustrates how to validate an information security culture assessment instrument by ensuring that it is designed based on the ISCF and meets the statistical requirements for a valid and reliable assessment instrument. Both the ISCF and the ISCULA process can ultimately be deployed by organisations to minimise the threat that employee behaviour poses to the protection of information assets. / Thesis (PhD)--University of Pretoria, 2009. / Computer Science / unrestricted
2

Understanding Information Security Culture in an Organization: An Interpretive Case Study

Bess, Donald Arlo 01 January 2012 (has links)
Information systems are considered to be a critical and strategic part of most organizations today. Because of this it has become increasingly important to ensure that there is an effective information security program in place protecting those information systems. It has been well established by researchers that the success of an information security program is heavily dependent upon the actions of the organizational members that interact with the information security program. Because of the interaction between people and the information security program an appropriate information security culture is required to effectively influence and control the actions of the members within that organization. While the importance of an information security culture has been well established by researchers there has been little research conducted to date that assist in understanding and managing information security culture within organizations. To expand the body of knowledge in this area this study will explore the information security culture of a large organization using interpretive case study methodology. The use of semi-structured interviews to collect data has allowed the researcher to report back their interpretation of shared meanings, consciousness, language and artifacts observed while at the research site. Structuration theory was applied as a theoretical lens with which to better understand information security culture and explore ways in which organizations can better understand and manage information security culture. We found structures of signification and legitimacy were the most influential on employee's behavior towards information security. While the structure of domination exerted minimal influence over employee's behavior. This research study contributes to the existing body of knowledge regarding information security culture by examining the role of structural properties exhibited within information security culture. Structural properties of information security culture have not been adequately considered within the existing literature. By expanding our understanding of the role of social structures such as systems of meaning, power and legitimacy on information security culture researchers will have a deeper understanding of this phenomena call information security culture. This will enable us to better understand how to develop and manage an appropriate information security culture.
3

The Dual-Driven Treaty : Examining how the TPNW could contribute to a security culture centered around human security.

Costelius, Beatrice January 2024 (has links)
The TPNW came into force in January 2021, marking a significant departure within the global disarmament regime by advocating for the complete abolition of nuclear weapons. Despite its ambitious goals, the treaty has faced criticism from nuclear weapons states, particularly regarding its suggested lack of international security dimensions. This thesis aims to examine the dual aspects of security and humanitarian concerns within the framework of the TPNW. Using a thematic analysis of documents from the TPNW framework, the research investigates how the treaty’s humanitarian and security-driven sides could contribute to fostering a security culture centered around human security. Drawing upon Mary Kaldor’s definition of the two security cultures liberal peace and geo-politics, the thesis explores how the TPNW could be part of shaping a security culture centered around human security and concludes that the Treaty has the potential to foster such international security culture.
4

Framework for Adoption of Information and Communication Technology security culture in SMMEs in Gauteng Province, South Africa

Mokwetli, M. A. January 2019 (has links)
M. Tech. (Department of Information Technology, Faculty of Applied and Computer Sciences), Vaal University of Technology. / Information and Communication Technology (ICT) has become prevalent in our everyday business and personal lives. As such, users and organisations must know how to protect themselves against human errors that led to more companies losing or sharing information that should not be shared. The issue emanates from lack of ICT security culture both in individuals and organisations. This research is based on a wide theoretical review that is focused on proposing a conceptual model on technological, environmental and organisational factors that influence the adoption of ICT security culture and implementation in Small Medium and Micro Enterprises (SMMEs). Factors or determinants that influence the adoption of ICT security culture in SMMEs in the Gauteng province were investigated. Questionnaires were distributed to examine the perception of ICT security culture adoption among SMMEs in the Gauteng province South Africa. A sample of 647 individuals from different SMMEs in the Gauteng province returned the questionnaire. The results of the research study show that technological context (perceived benefits), environmental context (government regulations) and organisational context (management support) determinants have direct influence on the ICT security culture adoption. The recommendation is that information security awareness programmes must be put in place. Further research is recommended using more determinants that might have a positive impact toward the adoption of the ICT security culture. In order to minimize data breaches due to human error it is recommended that SMMEs around Gauteng Province in South Africa adopt the framework as outlined in this research study.
5

Impact of organizational culture on on information security : A case of SMEs in Nigeria

Elehinle, Eniola January 2024 (has links)
Purpose: This thesis explores the impact of organizational culture on information security culture in small and medium-sized enterprises (SMEs) in Nigeria. It primarily examines the culture that can be improved within the SMEs to improve information security. Being a pioneer study for Nigeria, the study focuses more on identifying the existing organizational culture and information security culture subjected to three areas: knowledge, attitude, and behavior. Organizational culture continues to be an influencing factor in Information security. With SMEs just like other organizations continue to be affected by the negative consequences of cybersecurity attacks, this research aims to understand the role organizational culture plays in information security culture with a case study of small scale and medium businesses in Nigeria. Design: The research follows the implementation of two frameworks the OCAI and ISCF to diagnose the existing culture within SMEs in Nigeria and to also identify the existing security culture. The research answers the question of how organizational culture impacts security culture. The research method follows a qualitative approach with interviews conducted in three SMEs at their managerial level. Interview questions were designed based on the designed assessments of the OCAI framework and the ISCF. Ethical Considerations:: Interviews were conducted with consent and anonymity provided for participants. Also no details identifying a particular company was published. The interviews were analysed to come to a logical conclusion. Findings: Organization culture plays a role in strengthening the information security culture of an organization. The bulk of the direction of the organization rests upon the leadership and management. SMEs being smaller in size and close knitted need to pay attention to the unintended gap the dominate culture might be breeding information security and make an effort for change management. Originality: The study opens up a new body of knowledge within the Nigerian Cyber security body and amongst SMEs aiming to bring to light the impact of culture and how this can be leveraged to improve information security.
6

Employee and Organization Security Value Alignment Through Value Sensitive Security Policy Design

Solomon, Dianne Blitstein 05 September 2014 (has links)
Every member of the organization must be involved in proactively and consistently preventing data loss. Implementing a culture of security has proven to be a reliable method of enfranchising employees to embrace security behavior. However, it takes more than education and awareness of policies and directives to effect a culture of security. Research into organizational culture has shown that programs to promote organizational culture - and thus security behavior - are most successful when the organization's values are congruent with employee values. What has not been clear is how to integrate the security values of the organization and its employees in a manner that promotes security culture. This study extended current research related to values and security culture by applying Value Sensitive Design (VSD) methodology to the design of an end user security policy. Through VSD, employee and organizational security values were defined and integrated into the policy. In so doing, the study introduced the concept of value sensitive security policy (VSP) and identified a method for using VSPs to promote a culture of security. At a time when corporate values are playing such a public role in defining the organization, improving security by increasing employee-organization value congruence is both appealing and practical.
7

Establishing an information security awareness and culture

Korovessis, Peter January 2015 (has links)
In today’s business environment all business operations are enabled by technology. Its always on and connected nature has brought new business possibilities but at the same time has increased the number of potential threats. Information security has become an established discipline as more and more businesses realize its value. Many surveys have indicated the importance of protecting valuable information and an important aspect that must be addressed in this regard is information security awareness. The human component has been recognized to have an important role in information security since the only way to reduce security risks is through making employees more information security aware. This also means that employees take responsibility of their actions when dealing with information in their everyday activities. The research is concentrated mainly on information security concepts alongside their relation to the human factor with evidence that users remain susceptible to information security threats, thus illustrating the need for more effective user training in order to raise the level of security awareness. Two surveys were undertaken in order to investigate the potential of raising security awareness within existing education systems by measuring the level of security awareness amongst the online population. The surveys analyzed not only the awareness levels and needs of students during their study and their preparation towards entering the workforce, but also whether this awareness level changes as they progress in their studies. The results of both surveys established that the awareness level of students concerning information security concepts is not at a sufficient level for students entering university education and does not significantly change as they progress their academic life towards entering the workforce. In respect to this, the research proposes and develops the information security toolkit as a prototype awareness raising initiative. The research goes one step further by piloting and evaluating toolkit effectiveness. As an awareness raising method, the toolkit will be the basis for the general technology user to understand the challenges associated with secure use of information technology and help him assess its current knowledge, identify lacks and weaknesses and acquire the required knowledge in order to be competent and confident users of technology.
8

Postoj Francie k zahraniční a bezpečnostní politice Spojených států amerických / The attitude of France towards the US security policy

Čmakalová, Kateřina January 2008 (has links)
One of the most surprising aspects of the renaissance of scholarly interest in culture has been the emerging consensus in national security policy studies that culture effects significantly grand strategy and state behaviour. Therefore, the paper tries to advance rigorous procedures for testing for the existence and influence of security and strategic culture of different national states. It builds mainly on the definition of Alastair I. Johnston (1995) and Jeffrey S. Lantis (2002), who relate security and strategic culture with the definition of main goals/objectives of the state in security affairs and with ways of achieving them. As a case study, the paper will evaluate the approaches of the United States and France towards security threats in the early 21st century, especially towards the threat of global terrorism. It will assess whether and why when achieving security objectives, defined at the highest political level, persuasive or coercive strategy and military or non-military tools were preferred; whether negotiations, diplomacy and political pressure were favoured, or whether it was rather opted for deployment of armed forces and warfare. The text attempts to show how the differences in security and strategic culture, American and French particular identities, values, norms and perceptive lens might lead to different understandings of terrorism as global security threat and to distinct measures taken in the fight against it.
9

Strong Intents Against Weak Links : Towards a Holistic Integration of Behavioral Information Security in Organizations with Strategic Intent

Koller, Teresa Marie, Ljung, Migle January 2021 (has links)
The human factor has been detected as the weakest link in the information security of organizations. Methods like training and awareness programs and the implementation of security policies have been developed, but they still seem to be less effective than desired. Authors have suggested integrating information security more holistically in organizations. In this study we discuss how strategic intent can influence an information security culture and improve information security behavior, thereby strengthening the weakest link. This thesis aims to develop a conceptual framework for organizations to integrate behavioral information security holistically with strategic intent. This thesis is based on a qualitative study with an abductive approach consisting of nine exploratory, semi-structured interviews. This way we could find today’s most prominent factors that might reinforce information security behavior in organizations and discuss the interrelations among those factors together with their potential facilitators and barriers. To improve behavioral InfoSec holistically in organizations, strategic Intent and InfoSec culture are promising factors. All factors have clear interrelations, but also potential facilitators and barriers.
10

Information Security Behavior: A Cross-Cultural Comparison of Irish and US Employees

Connolly, Lena Y., Lang, M., Wall, D.S. 16 June 2020 (has links)
Yes / This study explores how aspects of perceived national culture affect the information security attitudes and behavior of employees. Data was collected using 19 semi-structured interviews in Ireland and the United States of America (US). The main findings are that US employees in the observed organizations are more inclined to adopt formalized information security policies and procedures than Irish employees, and are also more likely to have higher levels of compliance and lower levels of non-compliance.

Page generated in 0.0587 seconds