Successfully reported this slideshow.

Organizational security culture - Eric Vanderburg

1

Share

Upcoming SlideShare
Security Culture
Security Culture
Loading in …3
×
1 of 7
1 of 7

More Related Content

Related Books

Free with a 14 day trial from Scribd

See all

Organizational security culture - Eric Vanderburg

  1. 1. Organizational Security Culture Eric Vanderburg June 23, 2007
  2. 2. Introduction
  3. 3. Research Question
  4. 4. Existing Research • Jerome Want – Want, J. (2006). Corporate Culture: Illuminating the Black Hole. New York, NY: St. Martin’s Press. – Analyzes how different cultures respond to change • Michael Caloyannides – Caloyannides, M. (2004). Enhancing Security: Not for the Conformist. IEEE Security and Privacy, 2(6), 86-88. – Essential characteristics for security personnel – Cites lack of these characteristics in current generation • Edgar Schein • Chia, Ruighaver, & Maynard
  5. 5. Edgar H. Schein Three levels for understanding and identifying corporate culture Schein, E.H. (1999). The Corporate Culture Survival Guide: Sense and Nonsense About Cultural Change. San Francisco, CA: Jossey-Bass Publishers.
  6. 6. Eight cultural dimensions Chia, P. A., Ruighaver, A.B., Maynard, S.B. (2002), Understanding Organisational Security Culture. Proceedings from PACIS2002: The 6th Pacific Asia Conference on Information Systems, Tokyo, Japan.
  7. 7. Value (Rationale for Research) • Infinity multiplied by 0 is 0 The best security plans, most talented associates, and brilliant leadership combined with an incompatible security culture results in bad security. • Security is clearly lacking – Below: percentage of US firms not in compliance Regulation 2005 2006 California database breach notification act 15% 15% Sarbanes-Oxley 38% 28% HIPPA 38% 40% GLBA 17% 14% Other state/local privacy regulations 10% 32% Source: The State of Information Security 2006 worldwide study by CIO Magazine and PricewaterhouseCoopers

×