S. Furnell and N. Clarke, Power to the people? The evolving recognition of human aspects of security, Computers & Security, vol.31, issue.8, pp.983-988, 2012.
DOI : 10.1016/j.cose.2012.08.004

S. L. Pfleeger and D. D. Caputo, Leveraging behavioral science to mitigate cyber security risk, Computers & Security, vol.31, issue.4, pp.597-611, 2012.
DOI : 10.1016/j.cose.2011.12.010

J. Van-niekerk and R. Von-solms, Organisational Learning Models for Information Security, 2004.

K. Thomson and J. Van-niekerk, Combating information security apathy by encouraging prosocial organisational behaviour, Information Management & Computer Security, vol.20, issue.1, pp.39-46, 2012.
DOI : 10.1108/09685221211219191

K. Jansson and R. Von-solms, Phishing for phishing awareness, Behaviour & Information Technology, vol.32, issue.2, 2011.
DOI : 10.1109/MSP.2008.52

K. Jansson, A Model for Cultivating Resistance to Social Engineering Attacks, Unpublished M-dissertation, 2011.

P. Kumaraguru, J. Cranshaw, A. Acquisti, L. Cranor, J. Hong et al., School of phish, Proceedings of the 5th Symposium on Usable Privacy and Security, SOUPS '09, pp.1-312, 2009.
DOI : 10.1145/1572532.1572536

T. N. Jagatic, N. A. Johnson, M. Jakobsson, and F. Menezer, Social phishing, Social Phishing, pp.94-100, 2007.
DOI : 10.1145/1290958.1290968

R. C. Dodge, C. Carver, and A. J. Ferguson, Phishing for user security awareness, Computers & Security, vol.26, issue.1, pp.73-80, 2007.
DOI : 10.1016/j.cose.2006.10.009

E. Albrechtsen, Barriers against Productive Organisational Learning from Information Security Incidents, Paper in the PhD course Organisational Development and ICT, 2003.

S. P. Lopez, J. M. Peon, and C. J. Ordas, Organizational learning as a determining factor in business performance, The Learning Organization, vol.12, issue.3, pp.227-245, 2005.
DOI : 10.1108/09696470510592494

E. Kennedy, A Critical Evaluation of the Organisational Learning that takes place in a Project Management Environment, Unpublished M-dissertation, 2008.

C. Argyris and D. Schon, Organisational Learning II: Theory, Method and Practice, 1996.

B. Buckler, Practical steps towards a learning organisation: applying academic knowledge to improvement and innovation in business processes, The Learning Organization, vol.5, issue.1, pp.15-23, 1998.
DOI : 10.1108/09696479810200810

A. Ahmad, J. Hadgkiss, and A. B. Ruighaver, Incident response teams ??? Challenges in supporting the organisational security function, Computers & Security, vol.31, issue.5, pp.643-652, 2012.
DOI : 10.1016/j.cose.2012.04.001

G. C. Kane and M. Alavi, Information Technology and Organizational Learning: An Investigation of Exploration and Exploitation Processes, Organization Science, vol.18, issue.5, pp.796-812, 2007.
DOI : 10.1287/orsc.1070.0286

S. Chou, Computer Systems to Facilitating Organizational Learning: IT and Organizational Context, Expert Systems with Applications, pp.273-280, 2003.
DOI : 10.1016/s0957-4174(02)00155-0
URL : http://repository.nkfust.edu.tw/ir/bitstream/987654321/16553/-1/{1}

M. Pattinson, C. Jerram, K. Parsons, A. Mccormac, and M. Butavicius, Why do some people manage phishing e???mails better than others?, Information Management & Computer Security, vol.20, issue.1, pp.18-28, 2012.
DOI : 10.1108/09685221211219173
URL : https://digital.library.adelaide.edu.au/dspace/retrieve/148723/RA_hdl_72956.pdf

T. Steyn, H. A. Kruger, and L. Drevin, Identity Theft ? Empirical Evidence from a Phishing Exercise, New Approaches for Security, Privacy and Trust in Complex Environments, IFIP International Federation for Information Processing, issue.232, pp.193-203, 2007.

E. Albrechtsen and J. Hovden, The information security digital divide between information security managers and users, Computers & Security, vol.28, issue.6, pp.476-490, 2009.
DOI : 10.1016/j.cose.2009.01.003