Abstract
The behaviour of the employee has the potential to either strengthen or weaken security, and it is therefore vital to foster a culture of security within organizations. The hope is that such a culture will ensure that behaviour becomes more secure over time, essentially reducing security incidents. Organizations attempt to nurture such a culture, mostly by means of educating their employees and having a comprehensive set of regularly-updated security policies. They are required to carry out regular security audits. These are usually in the form of checkbox-type assessments, ascertaining that the organization has all the correct mechanisms in place to maximize security of information.We carried out an ethnographic investigation into the security culture of a single retail store that is part of a large nationwide organization in the United Kingdom. The study surprisingly revealed poor security culture, despite the organization as a whole seemingly following good practice with respect to education and policy.
| Original language | English |
|---|---|
| Title of host publication | Proceedings 2015 World Congress on Internet Security (WorldCIS) |
| Publisher | IEEE |
| Number of pages | 6 |
| ISBN (Print) | 9781467394833 |
| DOIs | |
| Publication status | Published - 16 Dec 2015 |
| Event | 2015 World Congress on Internet Security (WorldCIS) - Dublin, Ireland Duration: 19 Oct 2015 → 21 Oct 2015 |
Conference
| Conference | 2015 World Congress on Internet Security (WorldCIS) |
|---|---|
| Country/Territory | Ireland |
| City | Dublin |
| Period | 19/10/15 → 21/10/15 |
Keywords
- information security culture
- ethnographic study
- retail
- security behaviour
- behavioural sciences computing
- retail data processing
- security of data
- cultural aspects