Welcome to the InfoSci Platform
Reference Hub6
Information Security Culture: Towards an Instrument for Assessing Security Management Practices

Information Security Culture: Towards an Instrument for Assessing Security Management Practices

Joo S. Lim, Sean B. Maynard, Atif Ahmad, Shanton Chang
Copyright: © 2015 |Volume: 5 |Issue: 2 |Pages: 22
ISSN: 1947-3435|EISSN: 1947-3443|EISBN13: 9781466678927|DOI: 10.4018/IJCWT.2015040103
Cite Article Cite Article

MLA

Lim, Joo S., et al. "Information Security Culture: Towards an Instrument for Assessing Security Management Practices." IJCWT vol.5, no.2 2015: pp.31-52. http://doi.org/10.4018/IJCWT.2015040103

APA

Lim, J. S., Maynard, S. B., Ahmad, A., & Chang, S. (2015). Information Security Culture: Towards an Instrument for Assessing Security Management Practices. International Journal of Cyber Warfare and Terrorism (IJCWT), 5(2), 31-52. http://doi.org/10.4018/IJCWT.2015040103

Chicago

Lim, Joo S., et al. "Information Security Culture: Towards an Instrument for Assessing Security Management Practices," International Journal of Cyber Warfare and Terrorism (IJCWT) 5, no.2: 31-52. http://doi.org/10.4018/IJCWT.2015040103

Export Reference

Mendeley
Favorite Full-Issue Download

Abstract

There is considerable literature in the area of information security management (ISM). However, from an organizational viewpoint, the collective body of literature does not present a coherent, unified view of recommended security management practices. In particular, despite the existence of ‘best-practice' standards on information security management, organizations have no way of evaluating the reliability or objectivity of the recommended practices as they do not provide any underlying reasoning or justification. This paper is a first step towards the development of rigorous and formal instruments of measurement by which organizations can assess their security management practices. The paper identifies nine security practice constructs from the literature and develops measurement items for organizations to assess the adequacy of their security management practices. The study uses a multiple case study approach followed by interviews with a panel of four security experts to validate and refine these security practice constructs and their associated measures.

Request Access

You do not own this content. Please login to recommend this title to your institution's librarian or purchase it from the IGI Global bookstore.