Open access repository

Home Open access repository

In 2014, we launched our open-access repository which offers full text access to conference proceedings from many of our events including the INC and HAISA series. These papers are free to access and distribute (subject to citing the source).

» Openaccess proceedings » Ninth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2015)

Ninth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2015)

Ninth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2015)
Lesvos, Greece, July 1-3, 2015
ISBN: 978-1-84102-388-5

Title: The Influence of Information Security Policies on Information Security Culture: Illustrated through a Case Study
Author(s): Adele Da Veiga
Reference: pp22-33
Keywords: Information security policy, information security culture, assessment, survey, awareness, behaviour, empirical data
Abstract: An information security-positive culture is required in organisations where employees process information in line with its confidentiality, sensitivity and privacy requirements. The information security policy serves as a critical cornerstone in guiding employee behaviour to direct the protection of information. Employees must be aware of and understand the information security policy requirements they have to abide by in order to process information securely and thereby contribute to an information security-positive culture. This study outlines a case study over eight years in which empirical research was conducted to examine the level of information security culture between employees who had read the information security policy and employees who had not read the policy. It was found that the overall information security culture average scores were significantly more positive for employees who read the information security policy when compared with employees who had not, illustrating the positive impact of the policy on the information security culture in the context of an Information Security Culture Assessment (ISCA). The study confirms theoretical research stating the importance of information security policies as part of an information security programme and the governance of information to instil an information security-positive culture.
Download count: 4086

How to get this paper:

Download a free PDF copy of this paperBuy this book at Lulu.com

PDF copy of this paper is free to download. You may distribute this copy providing you cite this page as the source.