Embedding information security culture emerging concerns and challenges

Abstract

The behaviour of employees has been identified as a key factor in the protection of organizational information. As such, many researchers have called for information security culture (ISC) to be embedded into organizations to positively influence employee behaviour towards protecting organizational information. Despite claims that ISC may influence employee behaviours to protect organizational information, there is little empirical work that examines the embedding of ISC into organizations. This paper argues that embedding ISC should not only focus on employee behaviour, but rather in a holistic manner, involve everyone in the organization. The argument is developed through case studies in t..