Information security culture - validation of an assessment instrument

Loading...
Thumbnail Image

Authors

Da Veiga, A.
Martins, Nico
Eloff, Jan H.P.

Journal Title

Journal ISSN

Volume Title

Publisher

College of Economic and Management Sciences, University of South Africa

Abstract

Organisations need to ensure that the interaction among people, as well as between people and information technology (IT) systems, contributes to the protection of information assets. Organisations therefore need to assess their employees' behaviour and attitudes towards the protection of information assets in order to establish whether employee behaviour is an asset or a threat to the protection of information. One approach that organisations could use is to assess whether an acceptable level of information security culture has been inculcated in the organisation and, if not, take corrective action. The aim of this paper is to validate an information security culture assessment instrument. This is achieved by performing a factor and reliability analysis on the data from an information security culture assessment in a financial organisation. The results of the analysis are used to identify areas for improving the information security culture assessment instrument. The study makes a contribution to the existing body of knowledge concerned with the assessment of information security culture and its value for management to ensure the protection of information assets.

Description

Keywords

Information security, Information security culture, Information security awareness, Behaviour, Measure, Assess, Questionnaire, Validity, Reliability, Survey

Sustainable Development Goals

Citation

Da Veiga, A, Martins, N & Eloff, JHP 2007, 'Information security culture - validation of an assessment instrument', Southern African Business Review, vol. 11, no. 1, pp. 147-166. [http://www.unisa.ac.za/sabusinessreview]