This study examined contributing factors in the relationship between organizational culture and employee attitudes towards information security policy. Guiding the investigation was the question: To what extent, if any, is there a relationship between an organization’s cultural traits, as measured by the Organizational Culture Assessment Instrument (OCAI), and an employee’s attitude towards information security policy? This study was conducted within a very large worldwide manufacturing organization. The study’s primary focus was within the U.S.-based operations. A random sample of 1,000 employees was invited to participate in the study, with a 10.9% qualified response rate. Organizational culture traits and attitudes towards information security policies were the variables gathered and analyzed in the study. The study found that there
were statistically significant relationships between two of the organizational culture traits and employee attitudes towards information security policy. The relationships were opposite in nature with one cultural trait exhibiting an inverse relationship and the other cultural trait exhibiting an opposite, but positive relationship with attitudes towards information security policy. The present empirical findings have added to the
understanding of relationships between organizational culture traits and employee attitudes towards information security policy. The study contributes to the cultural makeup of an organization and how it influences employee attitudes, which can lead to better decisions on how to develop and implement information security policies.
Is cybersecurity research missing a trick? Integrating insights from the psychology of habit into research and practice.
The idea that people should form positive security habits is gaining increasing attention amongst security...