Information Security Culture: Literature Review and Gap Identification

Verified

Added on 2023/03/21

AI Summary

This report presents a literature review on information security culture, examining its various aspects and impact on businesses, particularly in the context of the Internet of Things (IoT). The review explores the significance of human behavior in managing information security risks within the IoT environment, highlighting the interconnectedness of devices, data, systems, and people. It analyzes the efficiency of security awareness programs for businesses and individuals. The report identifies gaps in the existing literature, such as the oversight of privacy breaches, over-reliance on technology, and the human dimension of security, which is often disregarded in favor of procedural and technical measures. The study aims to shift the paradigm from technical approaches to a socio-cultural one, emphasizing the user as a crucial resource for security rather than an enemy. The report references key studies and articles to support its findings.

Running head: INFORMATION SECURITY CULTURE
Information security culture
Name of the student:
Name of the university:
Author Note

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1INFORMATION SECURITY CULTURE
Literature review with gap identification on information security culture:
The culture of information security provides guidance regarding various aspects are
performed in any business. This is in terms of information security. This aims to sure the data
resources and influencing the security behaviour of the employees.
In the following study, a literature review is done with identification of gaps. This includes
the environment of the Internet of Things. Next, the significance of human behaviour to manage the
risks of information security under the IoT environment is analyzed here. Further, there is the rise of
efficiency of programs of security awareness for business and individuals.
1. Understanding the user behaviour framework under the environment of the
Internet of Things:
AlHogail (2015) states that suitable use and social behaviour as we create the Internet of
Things of IoT. This has been rousingly interconnected under the environment of cyber-biological
and physical scenario. This links people, data, systems and devices. The IoT, at his best, has the
efficiency of generating the integrated ecosystem. This can react to the spectrum of necessities. This
has been rising the scopes and efficiencies. Further, people are empowered with the help of
technology. This also includes the overall technology with intelligence. At the worst case, the IoT is
able to open the box of Pandora with unsafe and inappropriate behaviour, intrusiveness and
unintended consequences.
Information security:
The IoT or Internet of Things devices has been quickly turning ubiquitous. This has been as
the IoT services have been turning to pervasive. The cyber-attacks have been new to IoT and has

2INFORMATION SECURITY CULTURE
been deeply interwoven for the users. Hence, it has turned into an essential step and consider cyber
defence in a serious manner as highlighted by Flores and Ekstedt (2016).
Risk management:
Risk management is a set of practice and process utilized for determining the limits and
potential risks for adverse outcomes. IT risk management is applicable to the practices of risk
management. It manages the risk of business that has involved every facet regarding ho the business
can utilize the technology. Da Veiga and Martins (2015) there is a notable rise in IoT that has
drastically raised the quantity of risk management. This has also involved the challenges of security
with the face of business. Next, the cybercriminals have launched potentially harmful risks. Further,
Parsons et al. (2015) also shows that the number of devices that require security has also been rising
as the IoT has been expanding.
Security behaviour:
There are various issues that secure IoT devices. This assures end-to-end security under the
environment of IoT. Safa Von Solms and Furnell (2016) identifies that since the concept of the
appliances of networking and additional objectives has been considered innovative. The security is
no seen as the topmost priority. Here, the other elements have been relatively new. Here, the security
has not always been seen as the topmost priority as the phase of the product design. Moreover, IoT is
currently a nascent market. Hence, various manufacturers and designers have been interested in
getting products for market quality. This is instead of considering the essential steps to create
security from the beginning.

3INFORMATION SECURITY CULTURE
2. Significance of human behaviour in managing risks of information security
under the IoT environment:
The data of consumer IoT can be used in different manners. This is helpful to provide the
signals of proximity for making the payments smaller and then authenticate the manufactured goods.
It has been helpful to provide the place based metric with media optimization. Further, it has been
helpful to deliver optimization and event-based metrics. Further, Safa et al. (2015) mentions that it
has been providing the signal for various measurements of closed loops of the consumer path in
purchasing. The human behaviour can continue to heighten the experience of consumers and ten
personalize the messaging and contents and various experiences. This is to access as the data of IoT
data expands. Having the objects that are connected with consumers, the human begins can gain the
data in the dimension of self-data and quantitative contexts that have not been available previously
as explained by AlKalbani, Deng and Kam (2015).
3. Rise of efficiency of the security awareness program for business and
individuals:
Martins and da Veiga (2015) explains that this can be done through complying with the
federal and local regulations and laws. Then all the elements must be getting on board with the
overall organization. Further, a necessary baseline of the analysis must be established. Further, a
system that has clear communication regarding the program must be created. Then, one must make
the training to be intriguing with a minimum of bit entertaining. Further, there should be repeating,
reviewing and enforcing. Lastly, a culture of motivation and reinforcement must be developed or
constant learning and vigilance.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

4INFORMATION SECURITY CULTURE
4. Gaps in the present literature:
The above literature never talks about the breach of privacy, over the dependability of the
technology and loss of jobs. As anything has been put over the Online, it is always present there.
Further, study overlooks the security measures for protecting data and the possibility of the hackers
who have been breaking the system and then stealing the data. As there is only one business, that can
give rise to a monopoly. Further, the literature has skipped other argument against the IoT on the
over-reliance of technology. Since the time progresses, the present generation has risen up with
ready availability of the technology and the Internet. Apart from this, there is a dependency on the
technology on a regular basis that is overlooked in the analysis. This is done to undertake decisions
through the data that has been given rise to the lead of devastation.
The management of information security has been disregarding the human dimension. Here,
the primary focus has been on procedural and technical measures. Here, the user has been witnessed
as the enemy of security and never the resource of the security. In the above study, various concerns
are addressed that has been merging form the sight. This one can suggest the shift in paradigm form
various technical approaches towards the socio-cultural one. It is from the user is my enemy and the
user if the security resource approach. The study helps in understanding the idea of corporate culture
and display the exemplary of the instances of security culture.

5INFORMATION SECURITY CULTURE
References:
[1] A. AlHogail, Design and validation of information security culture framework. Computers in
Human Behavior, 2015, 49, pp.567-575.
[2] W.R. Flores and M. Ekstedt, M., Shaping intention to resist social engineering through
transformational leadership, information security culture and awareness. computers & security,
2016, 59, pp.26-44.
[3] A. Da Veiga and N. Martins, N, Improving the information security culture through monitoring
and implementation actions illustrated through a case study. Computers & Security,2015, 49,
pp.162-176.
[4] K.M. Parsons, E. Young, M.A. Butavicius, A. McCormac, M.R. Pattinson, and C. Jerram, The
influence of organizational information security culture on information security decision making.
Journal of Cognitive Engineering and Decision Making, 2015, 9(2), pp.117-129.
[5] N.S. Safa, R. Von Solms, and S. Furnell, Information security policy compliance model in
organizations. Computers & Security, 2016, 56, pp.70-82.
[6] N.S. Safa, M. Sookhak, R. Von Solms, S. Furnell, N.A. Ghani and T. Herawan, T, Information
security conscious care behaviour formation in organizations. Computers & Security, 2015, 53,
pp.65-78.
[7] A. AlKalbani, H. Deng and B. Kam, Organisational Security Culture and Information Security
Compliance for E-Government Development: The Moderating Effect of Social Pressure. In PACIS,
215, July (p. 65).

6INFORMATION SECURITY CULTURE
[8] N. Martins and A. da Veiga, A., An Information Security Culture Model Validated with
Structural Equation Modelling. In HAISA, 2015 (pp. 11-21).