Skip to main content
Article thumbnail
Location of Repository

Information Security management: A human challenge?

By Debi Ashenden


This paper considers to what extent the management of Information Security is a human challenge. It suggests that the human challenge lies in accepting that individuals in the organisation have not only an identity conferred by their role but also a personal and social identity that they bring with them to work. The challenge that faces organisations is to manage this while trying to achieve the optimum configuration of resources in order to meet business objectives. The paper considers the challenges for Information Security from an organisational perspective and develops an argument that builds on research from the fields of management and organisational behaviour. It concludes that the human challenge of Information Security management has largely been neglected and suggests that to address the issue we need to look at the skills needed to change organisational culture, the identity of the Information Security Manager and effective communication between Information Security Managers, end users and Senior Managers

Topics: Information Security, Management, Organisational culture, Human factors, Change management, Communication, Awareness
Publisher: Elsevier
Year: 2008
DOI identifier: 10.1016/j.istr.2008.10.006
OAI identifier:
Provided by: Cranfield CERES

Suggested articles


  1. (2008). From Corporate Bully to Security Cheerleader: Transforming the Identity of the CISO’, (draft paper),
  2. (2007). Perception of risk and the strategic impact of existing IT on information security strategy at board level’ doi

To submit an update or takedown request for this paper, please submit an Update/Correction/Removal Request.