In 2014, we launched our open-access repository which offers full text access to conference proceedings from many of our events including the INC and HAISA series. These papers are free to access and distribute (subject to citing the source).
Third International Conference on Human Aspects of Information Security & Assurance (HAISA 2009)
Title: Understanding and Transforming Organisational Culture
Author(s): David Lacey
Reference: pp1-6
Keywords: Information Security; Risk Management; Security Awareness; Organizational Change
Abstract: Since the introduction of computers, information systems and data have been repeatedly undermined by design flaws, weak passwords, lost media, social engineering and numerous other bad practices. These risks continue to grow with the increasing complexity and connectivity of modern business systems. But actions by people are not only the cause of incidents, they are also the means to prevent, detect and resolve them. People design, implement, operate, use and abuse information systems. And in the process they make mistakes or create weaknesses that enable criminals to steal, corrupt and manipulate information assets. Addressing these risks cannot be done through technology and process alone. It requires an understanding of the principles for understanding organizational culture, creating awareness, and changing attitudes and behaviour. This paper presents a range of observations about the nature of organizational culture, as perceived by an experienced information security director, as well as a set of practical techniques, based on psychological principles, that have been found to be effective in helping to achieve desired changes in human security behaviour.
Download count: 2019
How to get this paper:
A PDF copy of this paper is free to download. You may distribute this copy provided you cite this page as the source.