The Impact of Corporate Culture in Security Policies – A Methodology

Lopes Filho, Edmo Lopes Filho; Souza, Joao Henrique Pereira de Souza; Chaves, Albene Teixeira Chaves; Hashimoto, Gilberto Tadayoshi Hashimoto; Rosa, Pedro Frosi Rosa

Home // ICNS 2011, The Seventh International Conference on Networking and Services // View article

The Impact of Corporate Culture in Security Policies – A Methodology

Authors:
Edmo Lopes Filho Lopes Filho
Joao Henrique Pereira de Souza Souza
Albene Teixeira Chaves Chaves
Gilberto Tadayoshi Hashimoto Hashimoto
Pedro Frosi Rosa Rosa

Keywords: security policy; awareness; culture, congruence model

Abstract:
Despite security policies, standards, awareness strategies and tools currently in place, employees are still being involved in risky behaviors that jeopardizes businesses. Meanwhile, although security policies are the cornerstone of well-designed security strategies, recent studies have demonstrated poor adherence or even negligence in accordance with the rules security policies specify. This observed behavior is related to the fact that business permeates different countries, cultures, and understanding human nature and culture is still a key success factor to information security not well-supported by established security policy development and deployment methodologies. As its outcome, this paper addresses a ubiquitous methodology to develop security policies considering the evaluation of culture and its impacts over security policy adherence.

Pages: 98 to 103

Copyright: Copyright (c) IARIA, 2011

Publication date: May 22, 2011

Published in: conference

ISSN: 2308-4006

ISBN: 978-1-61208-133-5

Location: Venice/Mestre, Italy

Dates: from May 22, 2011 to May 27, 2011