系统的文献综述:信息安全文化

Amjad Mahfuth, S. Yussof, Asmidar Abu Baker, N. Ali
{"title":"系统的文献综述:信息安全文化","authors":"Amjad Mahfuth, S. Yussof, Asmidar Abu Baker, N. Ali","doi":"10.1109/ICRIIS.2017.8002442","DOIUrl":null,"url":null,"abstract":"Human behavior inside organizations is considered the main threat to organizations. Moreover, in information security the human element consider the most of weakest link in general. Therefore it is crucial to create an information security culture to protect the organization's assets from inside and to influence employees' security behavior. This paper focuses on identifying the definitions and frameworks for establishing and maintaining information security culture inside organizations. It presents work have been done to conduct a systematic literature review of papers published on information security culture from 2003 to 2016. The review identified 68 papers that focus on this area, 18 of which propose an information security culture framework. An analysis of these papers indicate there is a positive relationship between levels of knowledge and how employees behave. The level of knowledge significantly affects information security behavior and should be considered as a critical factor in the effectiveness of information security culture and in any further work that is carried out on information security culture. Therefore, there is a need for more studies to identity the security knowledge that needs to be incorporated into organizations and to find instances of best practice for building an information security culture within organizations.","PeriodicalId":384130,"journal":{"name":"2017 International Conference on Research and Innovation in Information Systems (ICRIIS)","volume":"29 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-07-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"38","resultStr":"{\"title\":\"A systematic literature review: Information security culture\",\"authors\":\"Amjad Mahfuth, S. Yussof, Asmidar Abu Baker, N. Ali\",\"doi\":\"10.1109/ICRIIS.2017.8002442\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Human behavior inside organizations is considered the main threat to organizations. Moreover, in information security the human element consider the most of weakest link in general. Therefore it is crucial to create an information security culture to protect the organization's assets from inside and to influence employees' security behavior. This paper focuses on identifying the definitions and frameworks for establishing and maintaining information security culture inside organizations. It presents work have been done to conduct a systematic literature review of papers published on information security culture from 2003 to 2016. The review identified 68 papers that focus on this area, 18 of which propose an information security culture framework. An analysis of these papers indicate there is a positive relationship between levels of knowledge and how employees behave. The level of knowledge significantly affects information security behavior and should be considered as a critical factor in the effectiveness of information security culture and in any further work that is carried out on information security culture. Therefore, there is a need for more studies to identity the security knowledge that needs to be incorporated into organizations and to find instances of best practice for building an information security culture within organizations.\",\"PeriodicalId\":384130,\"journal\":{\"name\":\"2017 International Conference on Research and Innovation in Information Systems (ICRIIS)\",\"volume\":\"29 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-07-16\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"38\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2017 International Conference on Research and Innovation in Information Systems (ICRIIS)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICRIIS.2017.8002442\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 International Conference on Research and Innovation in Information Systems (ICRIIS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICRIIS.2017.8002442","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 38

摘要

组织内部的人类行为被认为是对组织的主要威胁。此外,在信息安全中,人的因素通常被认为是最薄弱的环节。因此,创建一种信息安全文化来保护组织的内部资产并影响员工的安全行为是至关重要的。本文着重于确定在组织内部建立和维护信息安全文化的定义和框架。它介绍了已经完成的工作,对2003年至2016年发表的信息安全文化论文进行了系统的文献综述。审查确定了68篇论文关注这一领域,其中18篇提出了信息安全文化框架。对这些论文的分析表明,知识水平与员工行为之间存在正相关关系。知识水平对信息安全行为有显著影响,应被视为信息安全文化有效性的关键因素,并应被视为开展信息安全文化的任何进一步工作的关键因素。因此,有必要进行更多的研究,以确定需要纳入组织的安全知识,并找到在组织内构建信息安全文化的最佳实践实例。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
A systematic literature review: Information security culture
Human behavior inside organizations is considered the main threat to organizations. Moreover, in information security the human element consider the most of weakest link in general. Therefore it is crucial to create an information security culture to protect the organization's assets from inside and to influence employees' security behavior. This paper focuses on identifying the definitions and frameworks for establishing and maintaining information security culture inside organizations. It presents work have been done to conduct a systematic literature review of papers published on information security culture from 2003 to 2016. The review identified 68 papers that focus on this area, 18 of which propose an information security culture framework. An analysis of these papers indicate there is a positive relationship between levels of knowledge and how employees behave. The level of knowledge significantly affects information security behavior and should be considered as a critical factor in the effectiveness of information security culture and in any further work that is carried out on information security culture. Therefore, there is a need for more studies to identity the security knowledge that needs to be incorporated into organizations and to find instances of best practice for building an information security culture within organizations.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信