Issue link: https://insights.oneneck.com/i/1476862
43 The 7 dimensions of security culture Pattinson, M. R. and Anderson, G. (2007). How Well Are Information Risks Being Communicated To Your Computer End- Users? Information Management and Computer Security, 15(5) 362 – 371 Parsons, K., Young, E., Butavicius, M., McCormac, A., Pattinson, M., and Jerram, C. (2015). The Influence of Organizational Information Security Culture on Information Security Decision Making. Journal Of Cognitive Engineering And Decision Making, 9(2), 117-129. Pogarsky G. (2004) Projected offending and contemporaneous rule-violation: implications for heterotypic continuity. Criminology 2004;42(1):111-136. Ponemon Institute. 2018 Cost of a Data Breach Study: IBM Security. Retrieved from: https://www.ibm.com/security/data- breach Roer, K., and Petrič, G. (2017). Security Culture Report 2017 - In depth insights into the human factor. Retrieved from: https:// get.clt.re/security-culture-report-2017/ Roer, K., et al. (2013). The Security Culture Framework. Retrieved from: https://securitycultureframework.net Roer, K. (2015). Build a security culture. Ely, Cambridgeshire, United Kingdom: IT Governance Publishing. Royce, J. (1974). Cognition and Knowledge: Psychological Epistemology. In E. Carterette & M. Friedman, Historical and Philosophical Roots of Perception. Academic Press. Chp.9. Safa, N. S., Sookhak, M., Von Solms, R., Furnell, S., Ghani, N. A., and Herawan, T. (2015). Information security conscious care behaviour formation in organizations. Computers & Security, 53, 65-78. Safa, N. S., Von Solms, R., and Furnell, S. (2016). Information security policy compliance model in organizations. Computers & Security, 56, 70-82. Sandler, R., (2018, May 29). "After Studying 6.1 Million Passwords, Researchers Identified the 6 Most Common Mistakes. Take a Look" Inc. (blog) Retrieved from: https://www.inc.com/business- insider/common-password-mistakes-how-to-choose-strong- password.html Schwartz, M. J., (2017, Mar 3). "Verizon: Most Breaches Trace to Phishing, Social Engineering" Bank Info Security (blog): Information Security Group Corp. Retrieved from: https://www. bankinfosecurity.com/interviews/most-breaches-trace-to- phishing-social-engineering-attacks-i-3516 Sidhu, H. (2012). Fundamental Issues for Developing Information Security Policies. International Journal of Advanced Research in Computer Engineering & Technology (IJARCET). 1(10): 99-104. Siponen, M., Mahmood, M. A., & Pahnila, S. (2014). Employees' adherence to information security policies: An exploratory field study. Information & Management, 51(2), 217-224. Siponen, M., Pahnila, S., & Mahmood, M. A., (2010). Compliance with Information Security Policies: An Empirical Investigation. Computer 43 (2): 64–71. Siponen, M. & Vance, A. (2010). Neutralization: New insights into the problem of employee information systems security policy violations. MIS Quarterly, 34(3), 487-502. Stanton, J. M., Stam, K. R., Mastrangelo, P., Jolton, J., Analysis of end user security behaviors. Computers & Security, 24.2 (2005): 124-133. Son, J. Y. (2011). Out of fear or desire? Toward a better understanding of employees' motivation to follow IS security policies. Information & Management, 48(7), 296-302. Tassabehji, R., Elliman, T., and Mellor, J. (2007). Generating Citizen Trust in E-Government Security: Challenging Perceptions, International Journal of Cases on Electronic Commerce, 3(3), 1-17. Tischer, M., Durumeric, Z., Foster, S., Duan, S., Mori, A., Bursztein, E., and Bailey, M. (2016, May). Users really do plug in USB drives they find. In IEEE Symposium on Security and Privacy (SP), 2016. IEEE. 306-319 Thomson, K., von Solms, R., & Louw, L. (2006). Cultivating an Organizational Information Security Culture. Computer Fraud & Security, 2006(10), 7-11. Tsohou, A., Kokolakis, S., Karyda, M., and Kiountouzis, E., (2008) Process-variance models in information security awareness research. Information Management & Computer Security, 16(3), 271-287. Ullah, K. W., Ahmed, A. S., & Ylitalo, J. (2013). Towards Building an Automated Security Compliance Tool for the Cloud. IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 8, 1587-1593. Ur, B., Kelley, P. G., Komanduri, S., Lee, J., Maass, M., Mazurek, M. L., et al. (2012). How does your password measure up? The effect of strength meters on password creation. In Proceedings of the 21st USENIX Security Symposium (USENIX Security 12). ACM. 65-80. Vance, A., Anderson, B., Kirwan, B., Eargle, D. (2014). Using measures of risk perception to predict information security behavior: Insights from electroencephalography (EEG), Journal of the Association for Information Systems, 15(10), 679-722. Wang, P. A. (2010, June). Information security knowledge and behavior: An adapted model of technology acceptance. In Education Technology and Computer (ICETC), 2010 2nd International Conference on (Vol. 2, pp. V2-364). IEEE. Wang, et al. (2018) The Next Domino to Fall: Empirical Analysis of User Passwords across Online Services. Retrieved from: https:// people.cs.vt.edu/gangwang/pass.pdf Willison, R., Warkentin, M., & Johnston, A. C. (2018). Examining employee computer abuse intentions: Insights from justice, deterrence and neutralization perspectives. Information Systems Journal, 28(2), 266-293. Yazdanmehr, A., & Wang, J. (2016). Employees' information security policy compliance: A norm activation perspective. Decision Support Systems, 92, 36-46.