Cybersecurity is an increasing concern for organizations. Reports indicate that most incidents stem from human factors and, fostering a desired cybersecurity culture (CSC) is a crucial strategy to minimize the risk. Research suggests that exploring CSC in an organizational context requires a theoretical foundation, with numerous theories offering diverse perspectives on studying CSC in various organizational contexts. Previous studies have proposed and utilized Schein's organizational culture framework to conceptualize, analyze, and understand organizational CSC. However, these studies have not addressed the dynamics of the framework's levels for fostering a desired CSC within an organizational context. The present study addresses this gap by adapting a framework based on Schein's organizational culture framework to use it as a foundation for fostering a desired cybersecurity culture in organizations. The adapted framework is structured into three interconnected levels (tiers): 1) Operations 2) Principles 3) Mindset. The study also explores the interplay of the adapted concepts to foster the desired CSC in an organization. The adapted framework provides a theoretical basis to explore CSC and insights for practitioners on shaping and sustaining a culture that prioritizes cybersecurity.
Adamu, Meseret Assefa; Niemimaa, Marko Ilmari; Spagnoletti, Paolo. (2025). Towards a Three-Tiered Framework for Fostering Organizational Cybersecurity Culture. In Marinos Themistocleous, Nikolaos Bakas, George Kokosalakis, Maria Papadaki (Eds.), Information Systems : 21st European, Mediterranean, and Middle Eastern Conference, EMCIS 2024, Athens, Greece, September 2–3, 2024, Proceedings, Part II (pp. 313-324). Springer. Isbn: 9783031813245. Isbn: 9783031813252. Doi: 10.1007/978-3-031-81325-2_22.
Towards a Three-Tiered Framework for Fostering Organizational Cybersecurity Culture
Spagnoletti, Paolo
2025
Abstract
Cybersecurity is an increasing concern for organizations. Reports indicate that most incidents stem from human factors and, fostering a desired cybersecurity culture (CSC) is a crucial strategy to minimize the risk. Research suggests that exploring CSC in an organizational context requires a theoretical foundation, with numerous theories offering diverse perspectives on studying CSC in various organizational contexts. Previous studies have proposed and utilized Schein's organizational culture framework to conceptualize, analyze, and understand organizational CSC. However, these studies have not addressed the dynamics of the framework's levels for fostering a desired CSC within an organizational context. The present study addresses this gap by adapting a framework based on Schein's organizational culture framework to use it as a foundation for fostering a desired cybersecurity culture in organizations. The adapted framework is structured into three interconnected levels (tiers): 1) Operations 2) Principles 3) Mindset. The study also explores the interplay of the adapted concepts to foster the desired CSC in an organization. The adapted framework provides a theoretical basis to explore CSC and insights for practitioners on shaping and sustaining a culture that prioritizes cybersecurity.
| File | Dimensione | Formato | |
|---|---|---|---|
|
44b973ea-a506-f661-3356-5662d49f1ab6.pdf
Solo gestori archivio
Tipologia:
Versione dell'editore
Licenza:
Tutti i diritti riservati
Dimensione
781.48 kB
Formato
Adobe PDF
|
781.48 kB | Adobe PDF | Visualizza/Apri |
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
