Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Organizational Security Culture 
Eric Vanderburg 
June 23, 2007
Introduction
Research Question
Existing Research 
• Jerome Want 
– Want, J. (2006). Corporate Culture: Illuminating the Black Hole. 
New York, NY: St. Ma...
Edgar H. Schein 
Three levels for understanding and identifying 
corporate culture 
Schein, E.H. (1999). The Corporate Cul...
Eight cultural dimensions 
Chia, P. A., Ruighaver, A.B., Maynard, S.B. (2002), Understanding 
Organisational Security Cult...
Value (Rationale for Research) 
• Infinity multiplied by 0 is 0 
The best security plans, most talented associates, and br...
Upcoming SlideShare
Loading in …5
×

Organizational security culture - Eric Vanderburg

675 views

Published on

Organizational security culture - Eric Vanderburg

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Organizational security culture - Eric Vanderburg

  1. 1. Organizational Security Culture Eric Vanderburg June 23, 2007
  2. 2. Introduction
  3. 3. Research Question
  4. 4. Existing Research • Jerome Want – Want, J. (2006). Corporate Culture: Illuminating the Black Hole. New York, NY: St. Martin’s Press. – Analyzes how different cultures respond to change • Michael Caloyannides – Caloyannides, M. (2004). Enhancing Security: Not for the Conformist. IEEE Security and Privacy, 2(6), 86-88. – Essential characteristics for security personnel – Cites lack of these characteristics in current generation • Edgar Schein • Chia, Ruighaver, & Maynard
  5. 5. Edgar H. Schein Three levels for understanding and identifying corporate culture Schein, E.H. (1999). The Corporate Culture Survival Guide: Sense and Nonsense About Cultural Change. San Francisco, CA: Jossey-Bass Publishers.
  6. 6. Eight cultural dimensions Chia, P. A., Ruighaver, A.B., Maynard, S.B. (2002), Understanding Organisational Security Culture. Proceedings from PACIS2002: The 6th Pacific Asia Conference on Information Systems, Tokyo, Japan.
  7. 7. Value (Rationale for Research) • Infinity multiplied by 0 is 0 The best security plans, most talented associates, and brilliant leadership combined with an incompatible security culture results in bad security. • Security is clearly lacking – Below: percentage of US firms not in compliance Regulation 2005 2006 California database breach notification act 15% 15% Sarbanes-Oxley 38% 28% HIPPA 38% 40% GLBA 17% 14% Other state/local privacy regulations 10% 32% Source: The State of Information Security 2006 worldwide study by CIO Magazine and PricewaterhouseCoopers

×