Skip to Main content Skip to Navigation
Conference papers

A Comprehensive Framework for Understanding Security Culture in Organizations

Abstract : Organizational security is exposed to internal and external threats, with a greater level of vulnerabilities coming from the former. Drawing upon findings from prior works as a foundation, this study aims to highlight the significant factors that influence the security culture within organizations. Phase one of the study reports upon an interview-based investigation undertaken with thirteen experienced, knowledgeable security specialists from seven organizations. The main findings confirmed the importance of the identified factors from the previous work. The focus to emerge from the interviews concludes that continuously subjecting employees to targeted training and awareness development improves security culture. Indeed, there was a clear lack of awareness and compliance regarding the implementation and clarity of security policies in organizations. Also, the inefficient training program and limit to specific employees in organizations leads to a lack of awareness and compliance.
Document type :
Conference papers
Complete list of metadata

Cited literature [17 references]  Display  Hide  Download
Contributor : Hal Ifip Connect in order to contact the contributor
Submitted on : Friday, November 15, 2019 - 2:56:08 PM
Last modification on : Wednesday, February 2, 2022 - 2:50:02 PM
Long-term archiving on: : Sunday, February 16, 2020 - 5:10:33 PM


Files produced by the author(s)


Distributed under a Creative Commons Attribution 4.0 International License



Alaa Tolah, Steven M. Furnell, Maria Papadaki. A Comprehensive Framework for Understanding Security Culture in Organizations. 12th IFIP World Conference on Information Security Education (WISE), Jun 2019, Lisbon, Portugal. pp.143-156, ⟨10.1007/978-3-030-23451-5_11⟩. ⟨hal-02365738⟩



Record views


Files downloads