SlideShare uses cookies to improve functionality and performance, and to provide you with relevant advertising. If you continue browsing the site, you agree to the use of cookies on this website. See our User Agreement and Privacy Policy.
SlideShare uses cookies to improve functionality and performance, and to provide you with relevant advertising. If you continue browsing the site, you agree to the use of cookies on this website. See our Privacy Policy and User Agreement for details.
Successfully reported this slideshow.
Activate your 14 day free trial to unlock unlimited reading.
4.
Existing Research
• Jerome Want
– Want, J. (2006). Corporate Culture: Illuminating the Black Hole.
New York, NY: St. Martin’s Press.
– Analyzes how different cultures respond to change
• Michael Caloyannides
– Caloyannides, M. (2004). Enhancing Security: Not for the
Conformist. IEEE Security and Privacy, 2(6), 86-88.
– Essential characteristics for security personnel
– Cites lack of these characteristics in current generation
• Edgar Schein
• Chia, Ruighaver, & Maynard
5.
Edgar H. Schein
Three levels for understanding and identifying
corporate culture
Schein, E.H. (1999). The Corporate Culture Survival Guide:
Sense and Nonsense About Cultural Change. San Francisco, CA:
Jossey-Bass Publishers.
6.
Eight cultural dimensions
Chia, P. A., Ruighaver, A.B., Maynard, S.B. (2002), Understanding
Organisational Security Culture. Proceedings from PACIS2002:
The 6th Pacific Asia Conference on Information Systems, Tokyo,
Japan.
7.
Value (Rationale for Research)
• Infinity multiplied by 0 is 0
The best security plans, most talented associates, and brilliant
leadership combined with an incompatible security culture results in
bad security.
• Security is clearly lacking – Below: percentage of US firms not in
compliance
Regulation 2005 2006
California database breach notification act 15% 15%
Sarbanes-Oxley 38% 28%
HIPPA 38% 40%
GLBA 17% 14%
Other state/local privacy regulations 10% 32%
Source: The State of Information Security 2006 worldwide study by CIO
Magazine and PricewaterhouseCoopers