The 7 Dimensions of Security Culture

Issue link: https://insights.oneneck.com/i/1476862


Communication

The quality of communication channels to discuss security-related events, promote a sense of belonging, and provide support for security issues and incident reporting.

Communication is a mechanism for securing or compromising information through the management of people and technology [49] and thus plays a vital role in organizational security [50]. IBM's 2018 Cost of Data Breach study [51] clearly shows the need for effective organizational communication processes: it reports that it takes on average 197 days for organizations to detect a breach and a further 69 days to resolve the situation and restore service. Many researchers conclude that managers should effectively communicate security-related concepts to their employees [52], yet little research empirically examines how such communication can affect later security behavior [53]. Empirical research on the role of communication in security culture is rare, but important: it shows that both the prevention of security breaches and the response to them are largely determined by effective communicative processes.

Communicative structures (channels, possibilities to communicate) need to exist that give meaning and legitimation to desired practices [54]. There is a need for frequent communication within and between departments, possibly by a shared platform for interactions between employees. Where frequent communication is encouraged, employees who naturally would not communicate with others are presented with the opportunity to do so. More specifically, communication between departments needs to be collaborative, and it needs to be knowledge-rich communication. Collaborative communication is important both for security prevention and response strategies to achieve desired outcomes [55]. Information security is an inter-departmental effort rather than an IT-department-only effort, and inter-departmental collaboration requires a good communication culture [56].
Because the effectiveness of annual security awareness training decays over time, some employers and software vendors have begun to implement real-world short communications with some success [57]. Many sites now provide instant feedback on the strength of newly formed passwords, which has been shown to have a positive impact on user security behavioral outcomes [58]. Commercial web browsers utilize security warnings displayed to users who may surf to the wrong site [59]. And the SANS Institute distributes Post-it notes that include the reminder "do not write your password here" [60].

Employee engagement is the result of an employee's cognitive and emotional motivation, self-efficacy to perform the job, a clear understanding of his or her role in the organization, and a belief that he or she has the resources to perform the job. All of these factors can be positively influenced through good communication. While communication is a basic requirement of management, it is also instrumental in raising the morale of employees, affecting motivation, and encouraging employee engagement. It is through communication, verbal or non-verbal, that people
