The impacts of organizational culture on information security culture: a case study

Information security cannot rely solely on technology. More attention must be drawn to the users' behavioral perspectives regarding information security. In this study, we propose that a culture encouraging employees to comply with information policies related to collecting, preserving, disseminating and managing information will improve information security. Information security culture is believed to be influenced by an organization's corporate culture (or organizational culture). We examine how this occurs through an in-depth case study of a large organization. We present a relationship map for organizational culture and information security practices. Six propositions are drawn from the findings of our interviews and discussions. Managerial insights, such as how to measure an organization's information security culture and subsequently determine what perspective(s) is important for the organization to improve, are also discussed.