File(s) under permanent embargo

Fostering information security culture in small and medium size enterprises: an interpretive study in Australia

conference contribution
posted on 2007-01-01, 00:00 authored by Sneza Dojkovski, Sharman Lichtenstein, Matthew Warren
By having an effective organisational information security culture where employees intuitively protect corporate information assets, small and medium size enterprises (SMEs) could improve information security. However, previous research has largely overlooked the development of such a culture for SMEs, and the national context in which SMEs operate. The paper explores this topic and provides key findings from an interpretive Australian study based on a literature review, two focus groups and three case studies. A holistic framework is provided for fostering an information security culture in SMEs in a national setting. The paper discusses key managerial challenges for SMEs attempting to develop such a culture. The main findings suggest that Australian SME owners do not provide sufficient support for information security due to insufficient awareness of its importance and may also be affected by national attitudes to risk. The paper concludes that Australian SME owners may benefit from adopting a risk-based approach to information security and should be educated about the potential strategic role of information technology and information security. The paper also identifies the value and difficulty of promoting a behavioural and learning approach to information security to complement traditional technological and managerial approaches. Implications for theory and practice are discussed.



15th European Conference on Information Systems


1560 - 1571


University of St. Gallen


St Gallen, Switzerland

Place of publication

St. Gallen, Switzerland

Start date


End date




Publication classification

E1 Full written paper - refereed

Title of proceedings

Proceedings of the 15th European Conference on Information Systems

Usage metrics