Fostering information security culture in small and medium size enterprises: an interpretive study in Australia

Dojkovski, S, Lichtenstein, Sharman and Warren, Matthew 2007, Fostering information security culture in small and medium size enterprises: an interpretive study in Australia, in Proceedings of the 15th European Conference on Information Systems, University of St. Gallen, St. Gallen, Switzerland, pp. 1560-1571.

Attached Files
Name Description MIMEType Size Downloads

Title Fostering information security culture in small and medium size enterprises: an interpretive study in Australia
Author(s) Dojkovski, S
Lichtenstein, Sharman
Warren, Matthew
Conference name 15th European Conference on Information Systems
Conference location St Gallen, Switzerland
Conference dates 7-9 June 2007
Title of proceedings Proceedings of the 15th European Conference on Information Systems
Editor(s) [Unknown]
Publication date 2007
Conference series European Conference on Information Systems
Start page 1560
End page 1571
Publisher University of St. Gallen
Place of publication St. Gallen, Switzerland
Keyword(s) information security culture
small and medium size enterprises
Summary By having an effective organisational information security culture where employees intuitively protect corporate information assets, small and medium size enterprises (SMEs) could improve information security. However, previous research has largely overlooked the development of such a culture for SMEs, and the national context in which SMEs operate. The paper explores this topic and provides key findings from an interpretive Australian study based on a literature review, two focus groups and three case studies. A holistic framework is provided for fostering an information security culture in SMEs in a national setting. The paper discusses key managerial challenges for SMEs attempting to develop such a culture. The main findings suggest that Australian SME owners do not provide sufficient support for information security due to insufficient awareness of its importance and may also be affected by national attitudes to risk. The paper concludes that Australian SME owners may benefit from adopting a risk-based approach to information security and should be educated about the potential strategic role of information technology and information security. The paper also identifies the value and difficulty of promoting a behavioural and learning approach to information security to complement traditional technological and managerial approaches. Implications for theory and practice are discussed.
Language eng
Field of Research 080609 Information Systems Management
HERDC Research category E1 Full written paper - refereed
Persistent URL http://hdl.handle.net/10536/DRO/DU:30008152

Connect to link resolver
 
Unless expressly stated otherwise, the copyright for items in DRO is owned by the author, with all rights reserved.

Versions
Version Filter Type
Access Statistics: 929 Abstract Views, 2 File Downloads  -  Detailed Statistics
Created: Mon, 29 Sep 2008, 09:05:10 EST

Every reasonable effort has been made to ensure that permission has been obtained for items included in DRO. If you believe that your rights have been infringed by this repository, please contact drosupport@deakin.edu.au.