Cybersecurity Education for Awareness and Compliance Noted as an /GI Global Core Reference Title in Security & Forensics for 2019.

A security culture can be a competitive advantage when employees uphold strong values for the protection of information and exhibit behavior that is in compliance with policies, thereby introducing minimal incidents and breaches. The security culture in an organization might, though, not be similar among departments, job levels, or even generation groups. It can pose a risk when it is not conducive to the protection of information and when security incidents and breaches occur due to employee error or negligence. This chapter aims to give organizations an overview of the concept of security culture, the factors that could influence it, an approach to assess the security culture, and to prioritize and tailor interventions for high-risk areas. The outcome of the security culture assessment can be used as input to define security awareness, training, and education programs aiding employees to exhibit behavior that is in compliance with security policies.School of Computin

The Behavioral Equivalence of Organizational Culture

Three decades of organizational cultural (OC) studies have seen change in both content and emphasis. This paper presents findings from an extensive review of literature on OC and highlights the relevance of OC with respect to individual, organizational, intra-organizational, industry and external environment related variables. The concept of organizational culture (OC) has traditionally focused on values and beliefs and has been considered to be relatively stable and enduring. But literature is less sanguine about the reciprocal evolution of culture through behaviors. This paper presents a behavioral perspective on OC and contributes to its emerging dynamic aspect. A behavioral model of OC is suggested and propositions are drawn to explain the dynamics involved.

Information Security Subcultures in Information Security Management: A Conceptual Framework

The rationale behind an organization’s information system is to provide access to its information resources and services anywhere anytime over networks. This need creates issues of security in the management of the information systems. The information system approach is socio-technical by nature, involving people and processes as well as technologies; hence, the culture and characteristics of the organization are factors in effective information security management. This implies that the concept of information management is multi-dimensional and includes the human, organizational and technological dimensions. Stemming from this information security culture is considered as an important factor in the management of information security in an organization by overcoming the problem with employees’ lack of compliance with information security management initiatives. However the security culture of an organization is based on the different security subcultures of different sections or subsections that have its basis on the training backgrounds of the individuals and or different tasks performed by each of the groups or a combination of both. This paper addresses information security from the management point of view paying close attention to the information security subculture as seen in the organizations and looks into different methods that the security subcultures can be studied in relation to information security management. Keywords: Information security management system, organizational culture, information security culture, information security subculture

"Not My Responsibility!" - A Comparative Case Study of Organizational Cybersecurity Subcultures

Despite significant technological advancements and the increasing sophistication of cyber- attacks in today’s modern society, organizations underestimate the human link in cybersecu- rity. Many still overlook that human behavior and decision-making are crucial in protecting sensitive information and mitigating risks. Organizations seemingly prioritize investigating time and resources into improving their technological cybersecurity measures rather than increasing the employees’ cybersecurity knowledge. These actions significantly impact the cybersecurity culture of the company. Cybersecurity culture refers to the shared values, beliefs, and actions of the employees in an organization that emphasize the importance of safeguarding digital assets, data, and systems against cyber threats. It encompasses the organization’s dedication, awareness, protocols, and ability to manage cybersecurity risks and promote a security-focused environment. Re- cent studies have primarily focused on discussing cybersecurity culture as a singular concept within an organization. This qualitative research aims to investigate the impact of cybersecurity subcultures within organizations. A systematic literature review was conducted to gain an overview of the existing theoretical background on cybersecurity subcultures. This process proved that there is a research gap in the topic of subcultures, as most of the current literature encompasses cybersecurity culture as a collective concept. Data was collected through semi-structured interviews with ten employees from two IT companies. Cybersecurity leaders from each company agreed that the sales and IT subcultures had the most significant differences; hence, employees from each subculture in both companies were interviewed. The results prove that the security leaders’ suspicions were correct. The sales subcultures need to gain more knowledge about cybersecurity. Cybersecurity measures are seen more as obstacles instead of improving their cybersecurity. There is also a significant need for more responsibility. They believe that someone better qualified will take care of their mistakes if they cause a cybersecurity incident. On the other hand, the IT subculture seems to understand cybersecurity better. They have comprehensive knowledge of the topic. However, they also share this uncertainty regarding responsibilities, stating they feel pressured to share their expertise with colleagues. This leaves them with limited time to complete their actual work tasks. They point to a lack of management responsibility as one of the critical reasons for this. This research sheds light on cybersecurity subcultures and challenges the notion that orga- nizations have only one cybersecurity culture. Organizations need to allocate their time and resources differently and acknowledge the significance of subcultures in maintaining overall cybersecurity. The findings and insights are meant to assist organizations in enhancing their cybersecurity operations and protocols

Sub-cultures effect on Information security culture in an organization

This study investigates the influence of subcultures on information security culture with-in organizations. The research focuses on the cultural and policy dimensions of infor-mation systems security and aims to explore how subcultures within an organization affect information security culture. The study employes a qualitative case study ap-proach, conducting interviews with employees from different departments of a Norwe-gian IT consultant company. The findings reveal variations in information security ownership, knowledge and awareness, and work goals and challenges among departments. The study emphasizes the need for tailored information security measures that consider the unique characteris-tics of each department. Collaboration and knowledge sharing between departments are identified as crucial for improving information security understanding and alignment with work goals. Flexibility and adaptability in information security policies and rou-tines are recommended to strike a balance between security and operational efficiency. The study contributes to the understanding of information security culture and provides practical insights for organizations to enhance their practices and policies. Further re-search is suggested to explore subcultures related to information security, examine alignment between work goals and information security across departments, and inves-tigate the long-term impact of security measures on organizational outcomes. Despite limitations such as sample size and participant selection, this study provides empirical insights into the relationship between subcultures, information security culture, and or-ganizational dynamics

Liberal ethnicity: beyond liberal nationalism and minority rights

This article tries to make the case for a variant of the good life based on a synthesis of liberalism and ethnicity. Liberal communitarianism's treatment of ethnicity tends to fall under the categories of either liberal culturalism or liberal nationalism. Both, it is argued, fail to come to terms with the reality of ethnic community, preferring instead to define ethnicity in an unrealistic, cosmopolitan manner. By contrast, this essay squarely confronts four practices that are central to ethnic communities: symbolic boundary-maintenance; exclusive and inflexible mythomoteurs ; the use of ancestry and race as boundary markers; and the desire among national groups to maintain their ethnic character. This article argues that none of these practices need contravene the tenets of liberalism as long as they are reconstructed so as to minimize entry criteria and decouple national ethnicity from the state. The notion of liberal ethnicity thereby constitutes an important synthesis of liberal and communitarian ends

AN ASSESSMENT OF ORGANIZATIONAL CLIMATE IN THE U.S. AIR FORCE’S 87 CONTRACTING SQUADRON UNIT

Collins and Garcia’s 2018 thesis, “A Thematic Assessment of The Organizational Climate in the Army’s Contracting Workforce,” explored the effects on retention and job satisfaction of contracting personnel. Their research suggested the analysis of other service organizational climates could yield a similar report to provide leaders with insights on improving current systemic issues concerning recruitment and retention goals. This thesis considers the culture at an Air Force contracting unit, explicitly focusing on the 87 Contracting Squadron (87CONS) and its 2020 organizational climate survey. The study found that organizational climate, culture, and job satisfaction significantly impacted how satisfied employees felt about their jobs and their willingness to stay with an organization. In addition, the data analyzed concluded that 87CONS’ leadership is focused on improving the organization’s climate and culture and consistently makes significant efforts to satisfy employee needs whenever possible. Last, the recommendations of this research circled around morale, environment, and organizational culture improvements by leadership, thereby providing a supplemental resource to leaders throughout, helping them formulate solutions on specific areas of concern within a particular organization.Civilian, Department of the Air ForceApproved for public release. Distribution is unlimited

Information Security Practices in Organizations: A Literature Review on Challenges and Related Measures

This paper reports a systematic literature review that explores challenges related to information security practices in organizations and the ways these challenges are managed to avoid security breaches. We focused on empirical evidence from extant research studies and identified four general challenges re-lated to: (1) security rules and procedures, (2) individual and personal risks, (3) culture and security awareness, and (4) organizational and power relations. To manage these risks, nine measures were prominent in the selected studies. Training and organizational collaboration across the hierarchical levels were widely used to enhance the security culture. In addition, awareness campaigns for the work-force, as well as continuously measuring and improving security initiatives were highly recommended. Our literature review points to the socio-technical aspects of information security. Although many or-ganizations have both administrative and technical infrastructures in place, they must also think about employee attitudes, knowledge, and behavior. Information systems research towards this direction needs to be further developed. More qualitative studies are needed for exploring how to develop a cul-ture of security awareness and for gaining insights on how security rules and training courses can become more appealing and accessible