Show simple item record

dc.contributor.authorTolah, Alaa
dc.contributor.authorFurnell, Steven
dc.contributor.authorPapadaki, Maria
dc.date.accessioned2021-07-15T14:28:48Z
dc.date.available2021-07-15T14:28:48Z
dc.date.issued2021-06-05
dc.identifier.citationTolah, A., Furnell, S.M. and Papadaki, M., (2021). 'An Empirical Analysis of the Information Security Culture Key Factors Framework'. Computers & Security, pp. 1-20.en_US
dc.identifier.issn0167-4048
dc.identifier.doi10.1016/j.cose.2021.102354
dc.identifier.urihttp://hdl.handle.net/10545/625880
dc.description.abstractInformation security is a challenge facing organisations, as security breaches pose a serious threat to sensitive information. Organisations face security risks in relation to their information assets, which may also stem from their own employees. Organisations need to focus on employee behaviour to limit security failures, as if they wish to establish effective security culture with employees acting as a natural safeguard for information assets. This study was conducted to respond to a need for more empirical studies that focus on a development of security culture to provide a comprehensive framework. The Information Security Culture and Key Factors Framework has been developed, incorporating two types of factors: those that influence security culture and those that reflect it. This paper validates the applicability of the framework and tests related hypotheses through an empirical study. An exploratory survey was conducted, and 266 valid responses were obtained. Phase two of the study demonstrates the framework levels of validity and reliability through the use of factor analysis. Different hypothetical correlations were analysed through the use of structural equation modelling, with indirect exploratory effect of the moderators achieved through a multi-group analysis. The findings show that the framework has validity and achieved an acceptable fit with the data. This study fills an important gap in the significant relationship between personality traits and security culture. It also contributes to the improvement of information security management through the introduction of a comprehensive framework in practice, which functions in the establishment of security culture. The factors are vital in justifying security culture acceptance, and the framework provides an important tool that can be used to assess and improve an organisational security culture.en_US
dc.description.sponsorshipN/Aen_US
dc.language.isoenen_US
dc.publisherElsevieren_US
dc.relation.urlhttps://doi.org/10.1016/j.cose.2021.102354en_US
dc.relation.urlhttps://nottingham-repository.worktribe.com/output/5633864en_US
dc.subjectCulture frameworken_US
dc.subjectInformation security cultureen_US
dc.subjectHuman factorsen_US
dc.subjectEmployee behaviouren_US
dc.subjectQuantitively studyen_US
dc.titleAn empirical analysis of the information security culture key factors frameworken_US
dc.typeArticleen_US
dc.contributor.departmentUniversity of Plymouthen_US
dc.contributor.departmentSaudi Electronic University, Riyadh, Saudi Arabiaen_US
dc.contributor.departmentUniversity of Nottinghamen_US
dc.contributor.departmentUniversity of Derbyen_US
dc.contributor.departmentNelson Mandela University, Gqeberha, South Africaen_US
dc.identifier.journalComputers & Securityen_US
dcterms.dateAccepted2021-05-29
dc.author.detail300833en_US


Files in this item

Thumbnail
Name:
Publisher version

This item appears in the following Collection(s)

Show simple item record