Investigating the Role of Culture in Information Security

Abstract

The utilisation of information technology within organisations has resulted in a significant rise in the volume of information and data that are produced and stored. This information holds significant importance for both organisations and individuals. Ensuring the safeguarding of information assets against both external and internal threats is of utmost significance. Technical and human-based threats to information security can be distinguished; according to Glaspie and Karwowski (2018), organisational information security vulnerabilities are primarily the result of human-based threats. In spite of significant investments made, information security breaches brought on by human error are becoming more frequent despite efforts made by organisations to protect their data and secure their networks (Ponemon, 2019). Improving the behaviour of employees regarding threats to information security can be reduced with the aid of information security. Furthermore, it is widely believed that cultivating an effective culture of information security plays a significant role in enhancing information security behaviour. Information security culture encompasses the values, beliefs, attitudes, assumptions, and knowledge of information security that employees use when interacting with the information assets and systems of their organisation. To establish a successful information security culture, it is crucial to comprehend and concentrate on the significance of organisational culture, which is crucial for information security. Employees who are committed and aware of the significance of protecting sensitive data by adhering to security policies and procedures can help create a secure environment by fostering a strong information security culture. Furthermore, it is critical to recognise and comprehend the major variables that influence the culture of information security. Therefore, this study looked into the crucial elements that go into creating an efficient information security culture and examined how this culture affects how staff members act with regard to information security. The employees of government organisations are the study's target audience. The information was gathered using an online questionnaire. According to this study's findings, building a good and effective information security culture is correlated with information security behaviour. The development of information security policies and programmes will be aided by these findings for use by government policymakers and information security professionals. This will create a strong culture of information security within firms and promote excellent information security behaviour.