Understanding organizational security culture (original) (raw)

Based on a research model borrowed from organisational culture we conducted two explorative case studies to investigate how we can evaluate and improve the quality of the security culture in organisations. In this paper we described the differences in the security culture of these two organisations, and how their culture relates to their widely different security requirements. We identified two major problems with the security culture of one organisation, which according to anecdotal evidence will be commonly found in mainstream organisations with a low-level of security. We suggest that by being aware of these problems, and of the possible solutions we propose, these organisations will be able to significantly improve their security culture.