An empirical analysis of the information security culture key factors framework

Journal article

Tolah, Alaa, Furnell, Steven and Papadaki, Maria 2021. An empirical analysis of the information security culture key factors framework. Computers & Security.
AuthorsTolah, Alaa, Furnell, Steven and Papadaki, Maria

Information security is a challenge facing organisations, as security breaches pose a serious threat to sensitive information. Organisations face security risks in relation to their information assets, which may also stem from their own employees. Organisations need to focus on employee behaviour to limit security failures, as if they wish to establish effective security culture with employees acting as a natural safeguard for information assets. This study was conducted to respond to a need for more empirical studies that focus on a development of security culture to provide a comprehensive framework. The Information Security Culture and Key Factors Framework has been developed, incorporating two types of factors: those that influence security culture and those that reflect it. This paper validates the applicability of the framework and tests related hypotheses through an empirical study. An exploratory survey was conducted, and 266 valid responses were obtained. Phase two of the study demonstrates the framework levels of validity and reliability through the use of factor analysis. Different hypothetical correlations were analysed through the use of structural equation modelling, with indirect exploratory effect of the moderators achieved through a multi-group analysis. The findings show that the framework has validity and achieved an acceptable fit with the data. This study fills an important gap in the significant relationship between personality traits and security culture. It also contributes to the improvement of information security management through the introduction of a comprehensive framework in practice, which functions in the establishment of security culture. The factors are vital in justifying security culture acceptance, and the framework provides an important tool that can be used to assess and improve an organisational security culture.

KeywordsCulture framework; Information security culture; Human factors; Employee behaviour; Quantitively study
JournalComputers & Security
Digital Object Identifier (DOI)
Web address (URL)
Publication dates05 Jun 2021
Publication process dates
Deposited15 Jul 2021, 14:28
Accepted29 May 2021
ContributorsUniversity of Plymouth, Saudi Electronic University, Riyadh, Saudi Arabia, University of Nottingham, University of Derby and Nelson Mandela University, Gqeberha, South Africa
File Access Level
Permalink -

Download files

  • 18
    total views
  • 0
    total downloads
  • 1
    views this month
  • 0
    downloads this month

Export as

Related outputs

A collaborative approach for national cybersecurity incident management
Oriola, Oluwafemi, Adeyemo, Adesesan Barnabas, Papadaki, Maria and Kotzé, Eduan 2021. A collaborative approach for national cybersecurity incident management. Information and Computer Security. ahead-of-print (ahead-of-print).