Skip to Main content Skip to Navigation
Conference papers

A Comprehensive Framework for Understanding Security Culture in Organizations

Abstract : Organizational security is exposed to internal and external threats, with a greater level of vulnerabilities coming from the former. Drawing upon findings from prior works as a foundation, this study aims to highlight the significant factors that influence the security culture within organizations. Phase one of the study reports upon an interview-based investigation undertaken with thirteen experienced, knowledgeable security specialists from seven organizations. The main findings confirmed the importance of the identified factors from the previous work. The focus to emerge from the interviews concludes that continuously subjecting employees to targeted training and awareness development improves security culture. Indeed, there was a clear lack of awareness and compliance regarding the implementation and clarity of security policies in organizations. Also, the inefficient training program and limit to specific employees in organizations leads to a lack of awareness and compliance.
Document type :
Conference papers
Complete list of metadata

Cited literature [17 references]  Display  Hide  Download
Contributor : Hal Ifip <>
Submitted on : Friday, November 15, 2019 - 2:56:08 PM
Last modification on : Friday, November 15, 2019 - 3:02:22 PM
Long-term archiving on: : Sunday, February 16, 2020 - 5:10:33 PM


 Restricted access
To satisfy the distribution rights of the publisher, the document is embargoed until : 2022-01-01

Please log in to resquest access to the document


Distributed under a Creative Commons Attribution 4.0 International License



Alaa Tolah, Steven Furnell, Maria Papadaki. A Comprehensive Framework for Understanding Security Culture in Organizations. 12th IFIP World Conference on Information Security Education (WISE), Jun 2019, Lisbon, Portugal. pp.143-156, ⟨10.1007/978-3-030-23451-5_11⟩. ⟨hal-02365738⟩



Record views