Abstract
This paper examines the relationship between information system (IS) security culture and IS users' security behaviors, a relationship that has been little examined in the literature [1]. It first reviews the literature in the field of information security systems, then proposes a framework based on the three-level culture model of [2], and finally presents a qualitative study conducted with twenty-two users from eight French small and medium enterprises (SMEs). The results of this study show a strong relationship between IS security culture and user behaviors related to IS security, in the sense that a positive security culture is conducive to creating security behaviors.
References
Akhyari, N., Ruzaini, A., Mohd, R.A.: A dimension-based information security culture model and its relationship with employees’ security behavior: a case study in Malaysian higher educational institutions. Information Security Journal: A Global Perspective (2019)
Schein, E.H.: Organizational Culture and Leadership, pp. 358. Jossey-Bass, Publishers, San Francisco (1985)
Laudon, K., Laudon, J., Fimbel, E., Costa, S.: Management des systèmes d’information. Pearson, 551 (2010)
Moon, Y.J., Choi, M., Armstrong, D.J.: The impact of relational leadership and social alignment on information security system effectiveness in Korean governmental organizations. Int. J. Inf. Manage. 40(2018), 54–66 (2018)
Silic, M., Lowry, P.B.: Using design-science based gamification to improve organizational security training and compliance. J. Manag. Inf. Syst. 37(1), 129–161 (2020)
Tolah, A., Steven, M. Furnell, S., Papadaki, M.: An empirical analysis of the information security culture key factors framework. Comput. Secur. 108, 102354 (2021). ISSN 0167-4048
Martins, N., Da Veiga, A.: An Information security culture model validated with structural equation modelling. In: Proceedings of the 9th International Symposium on Human Aspects of Information Security and Assurance, HAISA 2015, Haisa, 11–21 (2015)
Da Veiga, A., Astakhova, L.V., Botha, A., Herselman, M.: Defining organizational information security culture-perspectives from academia and industry. Comput. Secur. 92, 101713 (2020)
Wiley, A., McCormac, A., Calic, D.: More than the individual: examining the relationship between culture and information security awareness. Comput. Secur. 88 (2020)
Parsons, K.M., Young, E., Butavicius, M.A., McCormac, A., Pattinson, M.R., Jerram, C.: The influence of organizational information security culture on information security decision making. J. Cogn. Eng. Decis. Mak. 9(2), 117–129 (2015). https://doi.org/10.1177/1555343415575152
Thomson, K.L., Von Solms, R., Louw, L.: Cultivating an organizational information security culture. Comput. Fraud Secur. 7–11 (2006). October 2006
Ngo, L., Zhou, W., Warren, M.: Understanding transition towards information security culture change. In: Proceeding of the 3rd Australian Computer, Network and Information Forensics Conference, Edith Cowan University, School of Computer and Information Science, pp. 67–73 (2005)
Karlson, F., Astrom, J., Karlson, M.: Information security culture – state-of-the-art review between 2000 and 2013. Inf. Comput. Secur. 23(3) (2015)
Hofstede, G.H.: Cultures and Organizations: Software of the Mind. McGraw-Hill, New York (1997)
Schein, E.H.: Organizational Culture and Leadership, vol. 2. John Wiley & Sons (2010)
Schlienger, T., Teufel, S.: Information security culture: the socio-cultural dimension in information security management, security in the information society: visions and perspectives. In: IFIP TC11 International Conference on Information Security (Sec2002). Kluwer Academic Publishers, Cairo, Egypt (2002)
Kokolakis, S., Karyda, M., Kiountouzis, E.: The insider threat to information systems and the effectiveness of ISO17799. Computer Security 24(6), 472–484 (2005)
Tang, M., Li, M., Zhang, T.: The impacts of organizational culture on information security culture: a case study. Inf. Technol. Manage. 17(2), 179–186 (2015). https://doi.org/10.1007/s10799-015-0252-2
Solomon, G., Brown, I.: The influence of organizational culture and information security culture on employee compliance behaviour. J. Enterp. Inf. Manag. 34(4), 1203–1228 (2020)
Tolah, A., Furnell, S.M., Papadaki, M.: A comprehensive framework for cultivating and assessing information security culture. In: The Eleventh International Symposium on Human Aspects of Information Security & Assurance (HAISA), HAISA 2017, pp. 52–64 (2017)
Alnatheer, M., Chan, T., Nelson, K.: Understanding and measuring information security culture. In: Pacific Asia Conference on Information Systems, pp. 144 (2012)
Da Veiga, A., Martins, N.: Defining and identifying dominant information security cultures and subcultures. Comput. Secur. 70, 72–94 (2017)
Haeussinger, F., Kranz, J.: Information security awareness: its antecedents and mediating effects on security compliant behavior. In: Proceedings of the International Conference on Information Systems, ICIS 2013, Milan, Italy (2013)
D’Arcy, J., Greene, G.: The multifaceted nature of security culture and its influence on end user behavior. In: IFIP TC 8 International Workshop on Information Systems Security Research, pp. 145–157 (2009)
Kuusisto, T., Ilvonen, I.: Information security culture in small and medium size entreprises. Frontiers of E-business research, Tampere University of Technology: University of Tampere, Finland (2003)
Santos-Olmo, A., Sánchez, L.E., Caballero, I., Camacho, S., Fernandez-Medina, E.: The importance of the security culture in SMEs as regards the correct management of the security of their assets. Future Internet 8, 30 (2016)
Dojkovski, S., Lichtenstein, S., Warren, M.: Fostering information security culture in small and medium size enterprises: an interpretive study in Australia. In: European Conference on Information Systems (ECIS) (2007)
Davis, F.D., Bagozzi, R.P., Warshaw, P.R.: User acceptance of computer technology: a comparison of two theoretical models. Manag. Sci. 982–1002 (1989)
Ajzen, I.: The theory of planned behavior. Organ. Behav. Hum. Decis. Process. 50(2), 179–211 (1991)
Padayachee, K.: Taxonomy of compliant information security behavior. Comput. Secur. 31(5), 673–680 (2012)
D’Arcy, J., Greene, G.: Security culture and the employment relationship as drivers of employees’ security compliance. Inf. Manag. Comput. Secur. 22, 474–489 (2014)
Nasir, A., Arshah, R.A., Hamid A.M.R.: A dimension-based information security culture model and its relationship with employees’ security behavior: a case study in Malaysian higher educational institutions. Information Security Journal: A Global Perspective 28(3) (2019)
Wacheux, F.: Méthodes Qualitatives et Recherche en Gestion. Economica, Paris (1996)
Yin, R.K.: Applications of Case Study Research (Applied Social Research Methods). Sage Publications, Inc. (2003)
Flores, W.R., Ekstedt, M.: Shaping intention to resist social engineering through transformational leadership information security culture and awareness. Comput. Secur. 59, 26–44 (2016). ISSN 0167-4048
Connolly, L.Y., Lang, M., Gathegi, J., Tygar, D.J.: Organizational culture, procedural countermeasures, and employee security behaviour: a qualitative study. Inf. Comput. Secur. 25 (2017)
Miltgen, C.L., Peyrat-Guillard, D.: Cultural and generational influences on privacy concerns: a qualitative study in seven European countries. Eur. J. Inf. Syst. 23(2), 103–125 (2014)
Sheng, S., Holbrook, M., Kumaraguru, P., Cranor, L.F., Downs, J.: Who falls for phishing?: a demographic analysis of phishing susceptibility and effectiveness of interventions. In: Proceedings of the Sigchi Conference on Human Factors in Computing Systems. ACM, pp. 372–382 (2010)
Guo, K.H., Yufei, Y.: The effects of multilevel sanctions on information security violations: A mediating model. Inf. Manag. 49(6) (2012)
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Ismail, O. (2022). Relationship Between Culture and User Behavior in the Context of Information Security Systems: A Qualitative Study in SMEs. In: Bach Tobji, M.A., Jallouli, R., Strat, V.A., Soares, A.M., Davidescu, A.A. (eds) Digital Economy. Emerging Technologies and Business Innovation. ICDEc 2022. Lecture Notes in Business Information Processing, vol 461. Springer, Cham. https://doi.org/10.1007/978-3-031-17037-9_8
DOI: https://doi.org/10.1007/978-3-031-17037-9_8
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-17036-2
Online ISBN: 978-3-031-17037-9
eBook Packages: Computer Science, Computer Science (R0)