Purpose: This thesis explores the impact of organizational culture on information security culture in small and medium-sized enterprises (SMEs) in Nigeria. It primarily examines the culture that can be improved within the SMEs to improve information security. Being a pioneer study for Nigeria, the study focuses more on identifying the existing organizational culture and information security culture subjected to three areas: knowledge, attitude, and behavior. Organizational culture continues to be an influencing factor in Information security. With SMEs just like other organizations continue to be affected by the negative consequences of cybersecurity attacks, this research aims to understand the role organizational culture plays in information security culture with a case study of small scale and medium businesses in Nigeria. Design: The research follows the implementation of two frameworks the OCAI and ISCF to diagnose the existing culture within SMEs in Nigeria and to also identify the existing security culture. The research answers the question of how organizational culture impacts security culture. The research method follows a qualitative approach with interviews conducted in three SMEs at their managerial level. Interview questions were designed based on the designed assessments of the OCAI framework and the ISCF. Ethical Considerations:: Interviews were conducted with consent and anonymity provided for participants. Also no details identifying a particular company was published. The interviews were analysed to come to a logical conclusion. Findings: Organization culture plays a role in strengthening the information security culture of an organization. The bulk of the direction of the organization rests upon the leadership and management. SMEs being smaller in size and close knitted need to pay attention to the unintended gap the dominate culture might be breeding information security and make an effort for change management. Originality: The study opens up a new body of knowledge within the Nigerian Cyber security body and amongst SMEs aiming to bring to light the impact of culture and how this can be leveraged to improve information security.
Identifer | oai:union.ndltd.org:UPSALLA1/oai:DiVA.org:his-24095 |
Date | January 2024 |
Creators | Elehinle, Eniola |
Publisher | Högskolan i Skövde, Institutionen för informationsteknologi |
Source Sets | DiVA Archive at Upsalla University |
Language | English |
Detected Language | English |
Type | Student thesis, info:eu-repo/semantics/bachelorThesis, text |
Format | application/pdf |
Rights | info:eu-repo/semantics/openAccess |
Page generated in 0.0013 seconds