Every member of the organization must be involved in proactively and consistently preventing data loss. Implementing a culture of security has proven to be a reliable method of enfranchising employees to embrace security behavior. However, it takes more than education and awareness of policies and directives to effect a culture of security. Research into organizational culture has shown that programs to promote organizational culture - and thus security behavior - are most successful when the organization's values are congruent with employee values. What has not been clear is how to integrate the security values of the organization and its employees in a manner that promotes security culture. This study extended current research related to values and security culture by applying Value Sensitive Design (VSD) methodology to the design of an end user security policy. Through VSD, employee and organizational security values were defined and integrated into the policy. In so doing, the study introduced the concept of value sensitive security policy (VSP) and identified a method for using VSPs to promote a culture of security. At a time when corporate values are playing such a public role in defining the organization, improving security by increasing employee-organization value congruence is both appealing and practical.
Identifer | oai:union.ndltd.org:nova.edu/oai:nsuworks.nova.edu:gscis_etd-1004 |
Date | 05 September 2014 |
Creators | Solomon, Dianne Blitstein |
Publisher | NSUWorks |
Source Sets | Nova Southeastern University |
Detected Language | English |
Type | text |
Format | application/pdf |
Source | CEC Theses and Dissertations |
Page generated in 0.0017 seconds