Organisational security culture: Extending the end-user perspective

被引：96

作者：

Ruighaver, A. B. ^{[1
]}

Maynard, S. B. ^{[1
]}

Chang, S. ^{[1
]}

机构：

[1] Univ Melbourne, Dept Informat Syst, Parkville, Vic 3052, Australia

来源：

COMPUTERS & SECURITY | 2007年 / 26卷 / 01期

关键词：

security culture; organisational culture; security governance; motivation; risk analysis;

D O I：

10.1016/j.cose.2006.10.008

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

The concept of security culture is relatively new. It is often investigated in a simplistic manner focusing on end-users and on the technical aspects of security. Security, however, is a management problem and as a result, the investigation of security culture should also have a management focus. This paper describes a framework of eight dimensions of culture. Each dimension is discussed in terms of how they relate specifically to security culture based on a number of previously published case studies. We believe that use of this framework in security culture research will reduce the inherent biases of researchers who tend to focus on only technical aspects of culture from an end-users perspective. (C) 2006 Elsevier Ltd. All rights reserved.

引用

页码：56 / 62

页数：7