Paper Info
Title
Fostering Information Security Culture in Small and Medium Size Enterprises: An Interpretive Study in Australia.
Abstract
By having an effective organisational information security culture where employees intuitively protect corporate information assets, small and medium size enterprises (SMEs) could improve information security. However, previous research has largely overlooked the development of such a culture for SMEs, and the national context in which SMEs operate. The paper explores this topic and provides key findings from an interpretive Australian study based on a literature review, two focus groups and three case studies. A holistic framework is provided for fostering an information security culture in SMEs in a national setting. The paper discusses key managerial challenges for SMEs attempting to develop such a culture. The main findings suggest that Australian SME owners do not provide sufficient support for information security due to insufficient awareness of its importance and may also be affected by national attitudes to risk. The paper concludes that Australian SME owners may benefit from adopting a risk-based approach to information security and should be educated about the potential strategic role of information technology and information security. The paper also identifies the value and difficulty of promoting a behavioural and learning approach to information security to complement traditional technological and managerial approaches. Implications for theory and practice are discussed.
Year
Venue
Field
2007
ECIS
Small and medium size enterprises,Information technology,Computer science,Asset (computer security),Knowledge management,Information security,Critical security studies,Enterprise information security architecture,Corporate security,Marketing,Focus group
DocType
Citations 
PageRank 
Conference
12
0.51
References 
Authors
18
3
Name
Order
Citations
PageRank
Sneza Dojkovski1120.51
Sharman Lichtenstein212114.91
Matthew J. Warren317450.28