Information security culture - validation of an assessment instrument
Loading...
Date
Authors
Da Veiga, A.
Martins, Nico
Eloff, Jan H.P.
Journal Title
Journal ISSN
Volume Title
Publisher
College of Economic and Management Sciences, University of South Africa
Abstract
Organisations need to ensure that the interaction among people, as well as between people and information technology (IT) systems, contributes to the protection of information assets. Organisations therefore need to assess their employees' behaviour and attitudes towards the protection of information assets in order to establish whether employee behaviour is an asset or a threat to the protection of information. One approach that organisations could use is to assess whether an acceptable level of information security culture has been inculcated in the organisation and, if not, take corrective action. The aim of this paper is to validate an information security culture assessment instrument. This is achieved by performing a factor and reliability analysis on the data from an information security culture assessment in a financial organisation. The results of the analysis are used to identify areas for improving the information security culture assessment instrument. The study makes a contribution to the existing body of knowledge concerned with the assessment of information security culture and its value for management to ensure the protection of information assets.
Description
Keywords
Information security, Information security culture, Information security awareness, Behaviour, Measure, Assess, Questionnaire, Validity, Reliability, Survey
Sustainable Development Goals
Citation
Da Veiga, A, Martins, N & Eloff, JHP 2007, 'Information security culture - validation of an assessment instrument', Southern African Business Review, vol. 11, no. 1, pp. 147-166. [http://www.unisa.ac.za/sabusinessreview]