Information Security Service Culture - Information Security for End-users
Rahul Rastogi (Nelson Mandela Metropolitan University, South Africa)
Rossouw von Solms (Nelson Mandela Metropolitan University, South Africa)
Abstract: Information security culture has been found to have a profound influence on the compliance of end-users to information security policies and controls in their organization. Similarly, a complementary aspect of information security is the culture of information security managers and developers in the organization. This paper calls this is as the 'information security service culture' (ISSC). ISSC shapes and guides the behaviour of information security managers and developers as they formulate information security policies and controls. Thus, ISSC has profound influence on the nature of these policies and controls and thereby on the interaction of end-users with these artefacts. ISSC is useful in transforming information security managers and developers from their present-day technology-focused approach to an end-user centric approach.
Keywords: ISSC, Information security culture, culture, information security management, information security service culture
Categories: H.3.1, H.3.2, H.3.3, H.3.7, H.5.1