Implementation: four stages should be used to implement the information security culture.Operative Planning: set a good security culture based on internal communication, management-buy-in, and security awareness and training program.Clustering people is helpful to achieve it. Strategic Planning: to come up with a better awareness-program, we need to set clear targets.Pre-Evaluation: to identify the awareness of information security within employees and to analyse current security policy.In "Information Security Culture from Analysis to Change," authors commented that "it's a never ending process, a cycle of evaluation and change or maintenance." They suggest that to manage information security culture, five steps should be taken: Pre-evaluation, strategic planning, operative planning, implementation, and post-evaluation. Research shows Information security culture needs to be improved continuously. "Exploring the Relationship between Organizational Culture and Information Security Culture" provides the following definition of information security culture: "ISC is the totality of patterns of behavior in an organization that contribute to the protection of information of all kinds." Īndersson and Reimers (2014) found that employees often do not see themselves as part of the organization Information Security "effort" and often take actions that ignore organizational information security best interests. Cultural concepts can help different segments of the organization work effectively or work against effectiveness towards information security within an organization. Security information and event management (SIEM)Įmployee behaviour can have a big impact on information security in organizations.Host-based intrusion detection system (HIDS).
0 kommentar(er)
