Campus Access Only
All rights reserved. This publication is intended for use solely by faculty, students, and staff of Nova Southeastern University. No part of this publication may be reproduced, distributed, or transmitted in any form or by any means, now known or later developed, including but not limited to photocopying, recording, or other electronic or mechanical methods, without the prior written permission of the author or the publisher.
Date of Award
Dissertation - NSU Access Only
Doctor of Philosophy in Information Systems (DISS)
Graduate School of Computer and Information Sciences
Gurvirender P Tejay
William L Hafner
Information systems are considered to be a critical and strategic part of most organizations today. Because of this it has become increasingly important to ensure that there is an effective information security program in place protecting those information systems. It has been well established by researchers that the success of an information security program is heavily dependent upon the actions of the organizational members that interact with the information security program. Because of the interaction between people and the information security program an appropriate information security culture is required to effectively influence and control the actions of the members within that organization.
While the importance of an information security culture has been well established by researchers there has been little research conducted to date that assist in understanding and managing information security culture within organizations. To expand the body of knowledge in this area this study will explore the information security culture of a large organization using interpretive case study methodology. The use of semi-structured interviews to collect data has allowed the researcher to report back their interpretation of shared meanings, consciousness, language and artifacts observed while at the research site. Structuration theory was applied as a theoretical lens with which to better understand information security culture and explore ways in which organizations can better understand and manage information security culture.
We found structures of signification and legitimacy were the most influential on employee's behavior towards information security. While the structure of domination exerted minimal influence over employee's behavior.
This research study contributes to the existing body of knowledge regarding information security culture by examining the role of structural properties exhibited within information security culture. Structural properties of information security culture have not been adequately considered within the existing literature. By expanding our understanding of the role of social structures such as systems of meaning, power and legitimacy on information security culture researchers will have a deeper understanding of this phenomena call information security culture. This will enable us to better understand how to develop and manage an appropriate information security culture.
Donald Arlo Bess. 2012. Understanding Information Security Culture in an Organization: An Interpretive Case Study. Doctoral dissertation. Nova Southeastern University. Retrieved from NSUWorks, Graduate School of Computer and Information Sciences. (88)