Skip to main content
SpringerLink
Log in

Cyber4Dev Security Culture Model for African Countries

  • Conference paper
  • First Online:
Human Aspects of Information Security and Assurance (HAISA 2022)

Part of the book series: IFIP Advances in Information and Communication Technology ((IFIPAICT,volume 658))

  • 546 Accesses

Abstract

Creating a good information security culture among employees within organizations is the cornerstone for a safe and robust cyberspace. Furthermore, a strong information security culture within organizations will assist in reducing the effects of human habits that lead to data breaches. This article seeks to conduct a scoping review of the scholarly literature on Cyber Resilience for Development (Cyber4Dev) security culture within the context of African countries. With limited scholarly articles available for Cyber4Dev, the review will focus on information security culture to adapt it to a Cyber4Dev security culture that organizations in Africa can replicate. Using the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) for the scoping review, this paper analysed 40 scholarly articles on information security culture to propose a Cyber4Dev security culture model for organizations applicable within an African context. Economic, social-culture and trust were identified as some of the factors to consider in an African context to promote an information security culture. Organisations can consider these factors as part of their information security programs. The model serves as reference for further research to explore the influence of the identified factors in an African context.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 99.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 129.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 129.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Sas, M., Hardyns, W., van Nunen, K., Reniers, G., Ponnet, K.: Measuring the security culture in organizations: a systematic overview of existing tools. Secur. J. 34(2), 340–357 (2021). https://doi.org/10.1057/s41284-020-00228-4. Palgrave Macmillan UK

  2. Kurebwa, J., Magumise, E.: The effectiveness of cyber security frameworks in combating terrorism in Zimbabwe. Int. J. Cyber Res. Educ. 2, 1–16 (2019). https://doi.org/10.4018/ijcre.2020010101

    Article  Google Scholar 

  3. Cyber4Dev: Project objectives – Cyber4d – Cyber Resilience for Development. https://cyber4dev.eu/project-activities/

  4. Abdulrauf, L.A.: Giving ‘teeth’ to the African Union towards advancing compliance with data privacy norms. Inf. Commun. Technol. Law. 30, 87–107 (2021). https://doi.org/10.1080/13600834.2021.1849953

    Article  Google Scholar 

  5. Obuhuma, J., Zivuku, S.: Social engineering based cyber-attacks in kenya. In: 2020 IST-Africa Conf. IST-Africa 2020, pp. 1–9 (2020)

    Google Scholar 

  6. Campbell, M.: What’s in a project name? - Cyber Resilience for Development [Cyber4Dev] (2019)

    Google Scholar 

  7. ITU: Global Cybersecurity Index, 2017. ITU Publications (2019)

    Google Scholar 

  8. Kshetri, N.: Cybercrime and cybersecurity in Africa. J. Glob. Inf. Technol. Manag. 22, 77–81 (2019). https://doi.org/10.1080/1097198X.2019.1603527

    Article  Google Scholar 

  9. Nagyfejeo, E., Solms, B. Von: Why do national cybersecurity awareness programmes often fail? Int. J. Inf. Secur. Cybercrime. 9, 18–27 (2020). https://doi.org/10.19107/ijisc.2020.02.03

  10. Alhogail, A.: Design and validation of information security culture framework. Comput. Human Behav. 49, 567–575 (2015). https://doi.org/10.1016/j.chb.2015.03.054

    Article  Google Scholar 

  11. Da Veiga, A., Martins, N.: Information security culture and information protection culture: a validated assessment instrument. Comput. Law Secur. Rev. 31, 243–256 (2015). https://doi.org/10.1016/j.clsr.2015.01.005

    Article  Google Scholar 

  12. Nasir, A., Arshah, R.A., Hamid, M.R.A., Fahmy, S.: An analysis on the dimensions of information security culture concept: a review. J. Inf. Secur. Appl. 44, 12–22 (2019). https://doi.org/10.1016/j.jisa.2018.11.003

    Article  Google Scholar 

  13. Orehek, Š, Petrič, G.: A systematic review of scales for measuring information security culture. Inf. Comput. Secur. 29, 133–158 (2020). https://doi.org/10.1108/ICS-12-2019-0140

    Article  Google Scholar 

  14. Da Veiga, A.: An approach to information security culture change combining ADKAR and the ISCA questionnaire to aid transition to the desired culture. Inf. Comput. Secur. 26, 584–612 (2018). https://doi.org/10.1108/ICS-08-2017-0056

    Article  Google Scholar 

  15. Alnatheer, M.A.: Information security culture critical success factors. In: Proc. - 12th Int. Conf. Inf. Technol. New Gener. ITNG 2015, pp. 731–735 (2015). https://doi.org/10.1109/ITNG.2015.124

  16. Da Veiga, A., Martins, N.: Improving the information security culture through monitoring and implementation actions illustrated through a case study. Comput. Secur. 49, 162–176 (2015). https://doi.org/10.1016/j.cose.2014.12.006

    Article  Google Scholar 

  17. Connolly, L.Y., Lang, M., Wall, D.S.: Information security behavior: a cross-cultural comparison of irish and US employees. Inf. Syst. Manag. 36, 306–322 (2019). https://doi.org/10.1080/10580530.2019.1651113

    Article  Google Scholar 

  18. Da Veiga, A.: Achieving a Security Culture, pp. 72–100 (2019). https://doi.org/10.4018/978-1-5225-7847-5.ch005

  19. Mousavi, M.Z., Kumar, S.: Analysis of key factors for organization information security. In: Proc. Int. Conf. Mach. Learn. Big Data, Cloud Parallel Comput. Trends, Prespectives Prospect. Com. 2019, pp. 514–518 (2019). https://doi.org/10.1109/COMITCon.2019.8862191

  20. Nel, F., Drevin, L.: Key elements of an information security culture in organisations. Inf. Comput. Secur. 27, 146–164 (2019). https://doi.org/10.1108/ICS-12-2016-0095

    Article  Google Scholar 

  21. Mahfuth, A., Yussof, S., Baker, A.A., Ali, N.: A systematic literature review: Information security culture. Int. Conf. Res. Innov. Inf. Syst. ICRIIS. 1–6 (2017). https://doi.org/10.1109/ICRIIS.2017.8002442

  22. Schia, N.N.: The cyber frontier and digital pitfalls in the Global South. Third World Q. 39, 821–837 (2018). https://doi.org/10.1080/01436597.2017.1408403

    Article  Google Scholar 

  23. United Nations Economic Commission for Africa: Policy Brief Tackling the challenges of cybersecurity in Africa. www.economist.com/. (2014)

  24. KnowBe4: African Cybersecurity Research Report. 1–8 (2019)

    Google Scholar 

  25. Check Point Research: Cyber Security Report 2020. Security 7, 1–15 (2020)

    Google Scholar 

  26. Bada, M., von Solms, B., Agrafiotis, I.: Reviewing national cybersecurity awareness in africa: an empirical study. In: Third Int. Conf. Cyber-Technologies Cyber-Systems, CYBER 2018, pp. 78–83 (2018)

    Google Scholar 

  27. Schelenz, L., Schopp, K.: Digitalization in Africa: interdisciplinary perspectives on technology, development, and justice. Int. J. Digit. Soc. 9, 1412–1420 (2018). https://doi.org/10.20533/ijds.2040.2570.2018.0175

  28. Amankwa, E., Loock, M., Kritzinger, E.: Enhancing information security education and awareness: proposed characteristics for a model. In: 2nd Int. Conf. Inf. Secur. Cyber Forensics, InfoSec 2015, pp. 72–77 (2016). https://doi.org/10.1109/InfoSec.2015.7435509

  29. Von Solms, B., Bada, M., Agrafiotis, I.: Reviewing national cybersecurity awareness for users and executives in Africa. Int. J. Adv. Secur. 12, 108–118 (2019)

    Google Scholar 

  30. Ndiege, J.R., Okello, G.: Towards information security savvy students in institutions of higher learning in Africa: a case of a university in Kenya. In: 2018 IST-Africa Week Conf. IST-Africa 2018, pp. 1–8 (2018)

    Google Scholar 

  31. Devi, A.: Cyber Crime and Cyber Security: Trends in Africa, pp. 160–171 (2017). https://doi.org/10.4018/978-1-5225-2154-9.ch011

  32. EY: EY Global Information Security Survey 2020. How does security evolve from bolted on to built-in? (2020)

    Google Scholar 

  33. Nathan, A.J., Scobell, A.: 2020 Data Breach Investigations Report. Verizon (2020)

    Google Scholar 

  34. Malatji, M., Marnewick, A.L., von Solms, S.: Cybersecurity policy and the legislative context of the water and wastewater sector in South Africa. Sustain. 13, 1–33 (2021). https://doi.org/10.3390/su13010291

    Article  Google Scholar 

  35. Tricco, A.C., et al.: A scoping review on the conduct and reporting of scoping reviews. BMC Med. Res. Methodol. 16, 1 (2016). https://doi.org/10.1186/s12874-016-0116-4

    Article  Google Scholar 

  36. Tolah, A., Furnell, S.M., Papadaki, M.: An empirical analysis of the information security culture key factors framework. Comput. Secur. 108, 102354 (2021). https://doi.org/10.1016/j.cose.2021.102354

    Article  Google Scholar 

  37. Woretaw, A., Lessa, L., Negash, S.: Factors hindering full-fledged information security in banking sector in Ethiopia: Emphasis on information security culture. In: 25th Am. Conf. Inf. Syst. AMCIS 2019. (2019)

    Google Scholar 

  38. da Veiga, A., Martins, N.: Defining and identifying dominant information security cultures and subcultures. Comput. Secur. 70, 72–94 (2017). https://doi.org/10.1016/j.cose.2017.05.002

    Article  Google Scholar 

  39. Nasir, A., Arshah, R.A., Ab Hamid, M.R.: Information security policy compliance behavior based on comprehensive dimensions of information security culture: A conceptual framework. ACM Int. Conf. Proceeding Ser. Part F1282, 56–60 (2017). https://doi.org/10.1145/3077584.3077593

    Article  Google Scholar 

  40. Chen, Y., Ramamurthy, K., Wen, K.W.: Impacts of comprehensive information security programs on information security culture. J. Comput. Inf. Syst. 55, 11–19 (2015). https://doi.org/10.1080/08874417.2015.11645767

    Article  Google Scholar 

  41. Martins, N., Da Veiga, A.: An Information security culture model validated with structural equation modelling. In: Proc. 9th Int. Symp. Hum. Asp. Inf. Secur. Assur. HAISA 2015, pp. 11–21 (2015)

    Google Scholar 

  42. Hogail, A. Al: Cultivating and assessing an organizational information security culture; an empirical study. Int. J. Secur. its Appl. 9, 163–178 (2015). https://doi.org/10.14257/ijsia.2015.9.7.15

  43. Dang-Pham, D., Pittayachawan, S., Bruno, V.: Investigating the formation of information security climate perceptions with social network analysis: A research proposal. In: Pacific Asia Conf. Inf. Syst. PACIS 2015 - Proc. (2015)

    Google Scholar 

  44. Da Veiga, A.: Comparing the information security culture of employees who had read the information security policy and those who had not Illustrated through an empirical study. Inf. Comput. Secur. 24, 139–151 (2016). https://doi.org/10.1108/ICS-12-2015-0048

    Article  Google Scholar 

  45. Da Veiga, A.: The influence of information security policies on information security culture: Illustrated through a case study. In: Proc. 9th Int. Symp. Hum. Asp. Inf. Secur. Assur. HAISA 2015, pp. 22–33 (2015)

    Google Scholar 

  46. Mokwetli, M., Zuva, T.: Adoption of the ICT security culture in SMME’s in the gauteng province, South Africa. In: 2018 Int. Conf. Adv. Big Data, Comput. Data Commun. Syst. icABCD 2018. (2018). https://doi.org/10.1109/ICABCD.2018.8465139

  47. Uchendu, B., Nurse, J.R.C., Bada, M., Furnell, S.: Developing a cyber security culture: current practices and future needs. Comput. Secur. 109, 102387 (2021). https://doi.org/10.1016/j.cose.2021.102387

    Article  Google Scholar 

  48. Arbanas, K., Spremic, M., Zajdela Hrustek, N.: Holistic framework for evaluating and improving information security culture. Aslib J. Inf. Manag. 73, 699–719 (2021). https://doi.org/10.1108/AJIM-02-2021-0037

    Article  Google Scholar 

  49. Da Veiga, A.: An information security training and awareness approach (ISTAAP) to instil an information security-positive culture. In: Proc. 9th Int. Symp. Hum. Asp. Inf. Secur. Assur. HAISA 2015, pp. 95–107 (2015)

    Google Scholar 

  50. Da Veiga, A., Astakhova, L.V., Botha, A., Herselman, M.: Defining organisational information security culture—Perspectives from academia and industry. Comput. Secur. 92, 101713 (2020). https://doi.org/10.1016/j.cose.2020.101713

    Article  Google Scholar 

  51. Nasir, A., Abdullah Arshah, R., Ab Hamid, M.R.: A dimension-based information security culture model and its relationship with employees’ security behavior: A case study in Malaysian higher educational institutions. Inf. Secur. J. 28, 55–80 (2019). https://doi.org/10.1080/19393555.2019.1643956

    Article  Google Scholar 

  52. Tang, A., Han, J., Chen, P.: A comparative analysis of architecture frameworks. In: Proc. - Asia-Pacific Softw. Eng. Conf. APSEC, pp. 640–647 (2004). https://doi.org/10.1109/APSEC.2004.2

  53. Hassan, N.H., Maarop, N., Ismail, Z., Abidin, W.Z.: Information security culture in health informatics environment: A qualitative approach. Int. Conf. Res. Innov. Inf. Syst. ICRIIS. 1–6 (2017). https://doi.org/10.1109/ICRIIS.2017.8002450

  54. AlKalbani, A., Deng, H., Kam, B.: Organisational security culture and information security compliance for e-government development: The moderating effect of social pressure (2015)

    Google Scholar 

  55. Nasir, A., Arshah, R.A., Hamid, M.R.A.: Information security culture for guiding employee’s security behaviour: a pilot study. In: 2020 6th IEEE Int. Conf. Inf. Manag. ICIM 2020, pp. 205–209 (2020). https://doi.org/10.1109/ICIM49319.2020.244699

  56. DaVeiga, A.: An approach to information security culture change combining ADKAR and the ISCA questionnaire to aid transition to the desired culture. Inf. Comput. Secur. 26, 584–612 (2018). https://doi.org/10.1108/ICS-08-2017-0056

    Article  Google Scholar 

  57. Govender, S., Kritzinger, E., Loock, M.: The influence of national culture on information security culture. In: 2016 IST-Africa Conf. IST-Africa 2016, pp. 1–9 (2016). https://doi.org/10.1109/ISTAFRICA.2016.7530607

Download references

Author information

Authors and Affiliations

  1. School of Computing, College of Science, Engineering and Technology, University of South Africa (UNISA), Florida Campus, Johannesburg, South Africa

    Victor Reppoh & Adéle da Veiga

  2. Information Technology Management (ITM), World Health Organization – Zimbabwe, Harare, Zimbabwe

    Victor Reppoh

Authors
  1. Victor Reppoh
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Adéle da Veiga
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Victor Reppoh .

Editor information

Editors and Affiliations

  1. University of Plymouth, Plymouth, UK

    Nathan Clarke

  2. University of Nottingham, Nottingham, UK

    Steven Furnell

Rights and permissions

Reprints and permissions

Copyright information

© 2022 IFIP International Federation for Information Processing

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Reppoh, V., da Veiga, A. (2022). Cyber4Dev Security Culture Model for African Countries. In: Clarke, N., Furnell, S. (eds) Human Aspects of Information Security and Assurance. HAISA 2022. IFIP Advances in Information and Communication Technology, vol 658. Springer, Cham. https://doi.org/10.1007/978-3-031-12172-2_13

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-12172-2_13

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-12171-5

  • Online ISBN: 978-3-031-12172-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Societies and partnerships

Search

Navigation