Jasveer_HI6050_Research proposal_updated

School: Davenport University
Course: FINANCIAL
Subject: Information Systems
Date: Nov 24, 2024
Type: docx
Pages: 16
Uploaded by AdmiralFreedom582

Abstract: This report explored the importance of creating a robust security culture in organizations. In this era of technological development, data breaches and cyber threats are increasing and create several challenges for organizations. It becomes very important to guide and train the employees of organizations to commit to enhancing security practices. This report provided the key elements of the security culture of an organization, such as incident response, training, employee awareness, and leadership commitment. This report aims to analyze the culture of security in organizations to reduce security incidents. This report examined the issues organizations face in establishing and maintaining this security culture. By analysing existing research, problem background, research methods, findings, and best practices, this report provided effective actions to support organizations in improving the culture of security. Training and education are very important for building an effective security culture in organizations.

Table of Contents

Abstract
Introduction
  Background
  Research Questions
  Research Scope
  Research Method Overview
Research Method
Literature Review
  Dimensions and Components of Security Culture
  Security Culture of Organizations
  Techniques and Approaches to improve security in the organizations
Results
Discussion & Conclusions
  Discussion
  Conclusion
Reference

Research topic: Security Culture

Security culture is a set of security-related assumptions, attitudes, values, and norms that are inherent in the operations of the organization. The security culture of an organization plays a crucial role in protecting the assets of the organization and its data. This research is focused on the analysis of security culture within organizations. Security culture has seven dimensions: responsibilities, norms, compliance, communication, cognition, behaviors, and attitudes.

Introduction:

In the present evolving digital world, the concept of security culture in companies has become essential. The continuous growth of technologies and the increasing growth of security threats have exposed companies to security risks that are unpredicted. As a result, the creation of a robust security culture becomes very important to protect sensitive information, ensure continuity of business, and maintain the trust of customers. The aim of this report is to provide a comprehensive overview of the security culture landscape in organizations. In the modern era, cyberattacks and data breaches have the potential to cause heavy reputational damage to organizations, so enhancing and understanding the security culture of the organization is not an option anymore; it has become necessary. This report will explore the evaluation of security culture and its importance in the mitigation of security risks. The challenges or issues faced by organizations will be presented in the report.

Background:

At present, organizational processes are highly associated with the use of communication and information technologies, which exposes companies to information security threats and risks. Professionals and researchers of information security strongly insist that security threats and risks cannot be avoided. Organizations build strong cultures to support and ensure the success of the business. At present, due to the heavy growth of technologies and information systems, security threats and risks have increased (Alshaikh 2020, pp.3(3)). Over the past many years, security researchers have witnessed many successful cybersecurity attacks against businesses. Organizations like Marriott, Target, Home Depot, and Sony have suffered data breaches. Cybersecurity has become a very essential issue in the business world at the present time. It is accepted that individuals are the weakest link in the cybersecurity chain of the organization. As security technologies became more efficient, hackers turned their attention to individuals to target the vulnerabilities of organizations (Alshaikh 2020, pp.3(3)).

Research Questions:

There are some research questions proposed to complete this research:

RQ: What are the key components, standards, and regulatory compliance of security culture in organizations, and how does it affect the business of the organization?

A robust security culture involves several components and adherence to the regulations and standards of the business. It can affect the business of the organization by protecting its reputation, reducing costs, and improving trust and competitiveness. Security culture affects the business of the organization, as any issue in the security of the organization directly affects its business processes and data. The components and dimensions of security culture in organizations are reviewed in our research. The issues of security culture in organizations are explained along with techniques and approaches to improve security in organizations.

Research Scope:

The successful completion of this research will be very helpful for organizations seeking to improve their security culture. It is predicted that organizations can be effectively prepared to navigate the ever-changing and complex security landscape through the use of a resilient and robust security culture. This report will provide effective techniques to strengthen the security culture of the organization. The security culture of the organization is very important to maintain and run its business smoothly.

Research Method Overview:

In the proposed research, a qualitative research methodology will be used to collect information related to security culture in organizations. The data of this research will be gathered using a secondary data collection method (Da Veiga et al. 2020, pp.2(1)). The research questions proposed above will be answered with the support of the systematic literature review method. The findings of this research method will be very helpful in generating the results of the research (Da Veiga et al. 2020, pp.2(1)).

Research Method:

Data related to security culture within organizations can be effectively collected with the support of a qualitative research methodology. A qualitative research method is capable of providing theoretical information related to the research area to answer the research questions proposed above. This research is conducted with the support of a deductive research approach. Qualitative research methodology is the most suitable method for data collection, as it is time-efficient and cost-effective. Several steps are followed to collect data related to the research using a qualitative approach. There are two types of data collection sources available, but in this research the secondary data collection method is used (dos Santos Vieira et al. 2022, pp.59(2)). The objectives of the research, such as understanding the current security culture in the organization, are defined in the first step. The collection of data starts with a comprehensive literature review. Several books, case studies, reports, and academic papers that discuss security culture in organizations are collected. These research papers, articles, and other sources are reviewed to collect valuable information that guides this research.

A keyword search method is used in this research to collect articles, research papers, and journals related to security culture within organizations. A conceptual framework that outlines the major factors that influence security culture in organizations is developed. The data of this research is collected from existing sources. Empirical evidence, theories, and key findings related to security culture are documented. The literature is effectively analyzed. A wide range of information related to patterns, concepts, and themes relevant to security culture in organizations is collected from the literature review. The findings of the literature research are summarized. Identification of research gaps is very important in the research. These research gaps can effectively guide
research direction and support the identification of areas that need more investigation. After collecting data related to the research and documenting research gaps and findings, the next step is data analysis. The data of this research is analyzed with the support of the grounded theory technique (Georgiadou et al. 2022, pp. 453(3)). Effective and useful data from the collected information can be used to generate the results of the research. It is very important to maintain a systematic and rigorous approach throughout the literature review and to cite sources appropriately (Georgiadou et al. 2022, pp. 453(3)).

Literature Review:

Dimensions and Components of Security Culture:

According to He and Zhang 2019, the security culture of an organization is a vital asset for the growth of the business. The model contains many dimensions, such as responsibility, norms, compliance, communication, cognition, behavior, and attitudes. Strong commitment and support for security from the top of the organization is complex. The leader must set the tone for the priority of security when making decisions. Employees are required to be aware of security risks and good practices (He and Zhang 2019, pp. 252(4)). Regular awareness and training programs can be very helpful in improving the security culture in organizations. It is very important to establish effective policies and procedures to protect the assets and information of the organization. Understanding the standards of security within organizations is important to mitigate risks related to information security. Information security awareness (ISA) refers to the extent to which employees understand the significance of the information security (IS) policies, guidelines, and rules of the organization.

According to Ključnikov et al. 2019, the security of information means protecting data during its disposal, transmission, storage, processing, and creation through organizational, physical, and technical measures that counteract the loss of availability, integrity, and confidentiality. Information security management is part of the management system and the foundation for handling security risk; its main aim is to establish, maintain, review, monitor, operate, implement, and improve information security in management. To support employee change and recognize computing security behavior, management is required to invest in cybersecurity awareness and training programs that encourage users' active engagement in complying with the security policy. SME's specific environment in terms of the information secured management and enforcement. Human nature is crucial in information security, and it has been researched by various scientific disciplines (Ključnikov et al. 2019, pp.4 (3)). The main aim is to understand, approach, and analyze how employee attitudes, behavior, and beliefs can, indirectly or directly, unintentionally or intentionally, affect the information secured by the management. Understanding the basis of the difficulties can lead to efficient solutions, applicable procedures, and policies, as well as training programs that can contribute to cultivating a prosperous culture of security (Ključnikov et al. 2019, pp.4 (3)).

Security Culture of Organizations:

According to Da Veiga and Martins 2017, the culture of security is cultivated through long, time-consuming procedures affected by different factors with various weights. However, certain established approaches for assessing information security do not apply to evaluating the corresponding culture (Da Veiga and Martins 2017, pp.77(3)). The development of an efficient security culture will be based on the security risks of the organization. To build the program, management is required to set up information security leadership appropriate to the management structure for shaping the culture. The leadership is required to make a road map that moves the management from compliance-based and ad hoc cultures to a culture that depends on risk.

According to McKeown 2019, an understanding of the culture of the organization is fundamental when trying to define and understand security culture. This is because effective and efficient security in the company is entrenched in the culture of the organization. Consequently, a culture of security is generally explained and understood as a subculture of organizational culture. Therefore, security culture cannot be assessed in isolation. The culture must focus on learning from incidents rather than blaming. The organization builds strong management cultures to support and ensure the organization's success. The culture consists of the values and shared beliefs established by the leader and reinforced through interaction via different methods, understanding, behavior, and employee perception. An efficient security awareness program will reinforce and improve employee behavior (McKeown 2019, pp. 17(3)). Security awareness programs have a positive impact on the return on investment of the organization. Management can perform cybersecurity assessments and spend money to mitigate cybersecurity threats. The relevance and quality of the training content that is complex. The training must cover present threats and security measures, and also specify the risk. Engaging and interactive training methods tend to be effective. Real-world scenarios can help employees understand and retain security concepts better than passive presentations or lectures (McKeown 2019, pp. 17(3)).

Techniques and Approaches to improve security in the organizations:

According to Orehek and Petric 2021, a strong security culture with an efficient strategy for mitigating risk is required in the organization. By cultivating a culture that emphasizes awareness of risk, employees recognize vulnerabilities and follow secure practices. It needs a combination of technical and management measures, like a disaster recovery plan, redundancy, and backup procedures. They developed concise and clear security policies and also ensured that they were always readable and accessible to employees. Regular interaction reinforces and updates policy over different channels, such as posters displayed in office areas, intranet portals, and email newsletters. Building knowledge, trust, and cultural awareness with employees can be very helpful in improving the culture of security in organizations. Regularly training employees to recognize and respond to security threats is another practice to improve culture. It ensured that the leadership actively helped and prioritized cybersecurity. Regularly updating and developing an incident plan to swiftly address security incidents is another step toward improving organizational culture. Keeping all applications, operating systems, and software up to date with security patches that address vulnerabilities can be very helpful in enhancing the security of the organization (Orehek and Petric 2021, pp. 139(2)).

Regulatory compliance mandates the specific controls and security practices that management should adhere to. The requirements can range from information protection standards to cybersecurity frameworks. Adhering to these standards can support management in understanding and mitigating security threats, fostering a more security-conscious culture. Organizational standards give a benchmark against which management can assess its security posture; the benchmark can encourage management to continuously improve its security practices and make the culture vigilant. Security culture refers to the set of values, shared by the organization, which determine how people are expected to regard security and its techniques. As security technologies became more efficient, hackers turned their attention to individuals to target the vulnerabilities of organizations (Orehek and Petric 2021, pp. 139(2)).

Results:

This research provides an analysis of effective security culture to assess and evaluate the current security standards in the workforce of the organization. The research on the security culture of organizations has identified several outcomes and results related to fostering an effective and strong culture of security.

Reduced security incidents: An effective and positive culture of security generally leads to a decrease in security incidents like physical security breaches, cybersecurity attacks, and data breaches. Employees who are aware of security practices and security risks make fewer mistakes that could compromise the security of an organization.

Enhanced compliance: Companies with a strong culture of security are generally better at adhering to compliance and regulatory needs. This may lead to fewer financial and legal consequences related to non-compliance (Ruhwanya and Ophoff 2019, pp. 780(3)).

Improved awareness of employees: Research shows that a strong culture of security enhances the awareness of employees towards security vulnerabilities and threats. This awareness can support employees in recognizing and reporting suspicious activities.

Increased engagement of employees: Employees who feel that the organization values security tend to be more engaged. They can effectively participate in security training programs and follow security procedures and policies.

Effective management of risks: An effective security culture encourages proactive management of risk. Organizations can identify potential vulnerabilities and risks early and take effective steps to mitigate them.

Crisis resilience: A strong culture of security can enhance the ability of the organization to respond to security crises or incidents. Employees are prepared to react efficiently and calmly in the face of a security breach.

The trust of the customer: Companies that prioritize a culture of security generally earn the trust of partners and customers very easily. Customers generally prefer organizations that demonstrate commitment to protecting their interests and data (Wen et al. 2019, pp. 867(2)).

Competitive benefits: A strong reputation for security practices can be an effective competitive benefit, especially in companies where data security and trust are the main success factors.

Cost saving: While investing in the culture of security may need resources, in the long run it may lead to cost savings by reducing the likelihood of security breaches and the costs associated with them.

Continuous enhancement: The research on security culture emphasizes the importance of continuous enhancement. Companies with a strong culture of security can adapt to evolving security technologies and threats (Wen et al. 2019, pp. 867(2)).

With the use of effective security training programs and security infrastructure in the organization, the culture of security can be enhanced. Research on the culture of security in organizations revealed many essential findings and outcomes. A strong culture of security is related to reduced security breaches and incidents. When employees become aware of security threats and take them seriously, they can follow effective security protocols and report threats. Leadership within organizations is considered very crucial in shaping the security culture of the organization. Moreover, communication is key to fostering an environment that is security-conscious. Companies that communicate security policies clearly and provide ongoing awareness and training programs tend to have vigilant and informed workforces (Wiley et al. 2020, pp. 5(3)). The research highlights the importance of effective approaches to security incidents. The use of effective security measures in organizations can help enhance the overall culture of security in organizations. Furthermore, an effective and positive culture of security is generally linked to increased competitive advantages and customer trust. Customers can do business with companies if they provide effective security for their assets and information. The research on security culture in organizations underscores the nature of the concept, where employee attitudes, communication and leadership, and incident response contribute to creating a protected environment. Investing in an effective culture of security can reduce risks and have positive outcomes for business (Wiley et al. 2020, pp. 5(3)).

Discussion & Conclusions:

Discussion:

This research discusses that a robust and effective security culture in organizations or companies is very important for the management of cybersecurity. It encompasses the collective behaviors, values, and mindset that prioritize security at different levels. This type of culture is very important in today's digital landscape, where cybersecurity threats are increasing. Leadership plays a very crucial role in fostering this security culture. Training and education are very important for building an effective security culture in organizations. Continuously educating staff and employees on security risks, best practices, and current threats empowers them to recognize potential dangers and make informed decisions. Effectively defined security policies are the backbone of the culture of security. These policies can be comprehensive, accessible, and enforced consistently. Response to incidents is a very crucial aspect. Employees should be informed how to report security incidents promptly and how an organization can mitigate those incidents (Sas et al. 2019, pp. 897(2)). Phishing awareness, strong password practices, and access control are practical aspects of everyday security that each employee should understand and follow. In this remote work era, the security of devices and remote connections is very crucial. Compliance and security audit checks ensure that the security measures of the organization remain up to date and effective. Ultimately, a culture of security is about creating a sense of shared responsibility. It is everyone’s duty to safeguard the reputation and assets of the organization. Continuously reinforcing all the security principles and adapting them to evolving threats is a major key to maintaining a resilient culture of security.

A few recommendations are provided to improve security culture within organizations: Organizations should organize security awareness programs to train employees. The use of effective security measures and techniques can help organizations maintain security. Organizations should focus on security basics (Sas et al. 2019, pp. 897(2)).

Conclusion:

The key dimensions and fundamentals of security culture in organizations were reviewed in this research. The framework of security culture presented in this study combines the advantages and mitigates the disadvantages of both scientific techniques while highlighting the importance of the human factor in the chain of security. Its nature is iterative and allows constant monitoring and evaluation of the management of the cybersecurity culture; it is a living mechanism that evolves and adapts to the continuous demands of the technical environment. The research empirically examined the relationship between ISA, security culture, and managemental culture, not previously reported, that security culture mediates the relationship between managemental ISA and culture. A strong security culture is important for protecting the management information and assets. It serves to assess the behaviors, collective mindset, and practices related to security. It ensures that all employees understand the essentials of security and their role. It involves giving regular awareness programs and security training to educate the staff regarding best practices and potential threats. The potential need for a security culture in organizations was presented in this research.

Reference:

Alshaikh, M., 2020. Developing cybersecurity culture to influence employee behavior: A practice perspective. Computers & Security, 98, p.102003. https://www.sciencedirect.com/science/article/pii/S0167404820302765

Da Veiga, A. and Martins, N., 2017. Defining and identifying dominant information security cultures and subcultures. Computers & Security, 70, pp.72-94. https://uir.unisa.ac.za/bitstream/handle/10500/23160/Comp%20and%20Sec%202017%20Dominant%20and%20Sub%20cultures.pdf?sequence=4

Da Veiga, A., Astakhova, L.V., Botha, A. and Herselman, M., 2020. Defining organisational information security culture—Perspectives from academia and industry. Computers & Security, 92, p.101713. https://repository.up.ac.za/bitstream/handle/2263/76240/DaVeiga_Defining_2020.pdf?sequence=1

dos Santos Vieira, P., Dias, M.D.O., Pereira, L.J.D. and da Silv, G.D.B.P., 2022. Brazilian Organizational Culture on Information Security: A Literature Review. GPH-International Journal of Business Management, 5(01), pp.56-67. http://www.gphjournal.org/index.php/bm/article/download/561/357

Georgiadou, A., Mouzakitis, S., Bounas, K. and Askounis, D., 2022. A cyber-security culture framework for assessing organization readiness. Journal of Computer Information Systems, 62(3), pp.452-462. https://e-tarjome.com/storage/panel/fileuploads/2022-07-03/1656840730_e16797.pdf

He, W. and Zhang, Z., 2019. Enterprise cybersecurity training and awareness programs: Recommendations for success. Journal of Organizational Computing and Electronic Commerce, 29(4), pp.249-257. https://sci-hub.se/https://doi.org/10.1080/10919392.2019.1611528

Ključnikov, A., Mura, L. and Sklenár, D., 2019. Information security management in SMEs: factors of success. Entrepreneurship and Sustainability Issues, 6(4), p.2081. https://www.researchgate.net/profile/Aleksandr-Kljucnikov/publication/333885503_Information_security_management_in_SMEs_factors_of_success/links/5d0c8010458515c11ceaf543/Information-security-management-in-SMEs-factors-of-success.pdf

McKeown, D.A., 2019. Building a risk-based information security culture. ISSA Journal, 17(4), pp.14-21. https://donmckeown.net/Building_a_Risk-Based_Information_Security_Culture_-_Don_McKeown-4-2019-ISSA_Journal.pdf

Orehek, Š. and Petrič, G., 2021. A systematic review of scales for measuring information security culture. Information & Computer Security, 29(1), pp.133-158. https://www.emerald.com/insight/content/doi/10.1108/ICS-12-2019-0140/full/html

Ruhwanya, Z. and Ophoff, J., 2019, April. Information security culture assessment of small and medium-sized enterprises in Tanzania. In International Conference on Social Implications of Computers in Developing Countries (pp. 776-788). Cham: Springer International Publishing. https://inria.hal.science/hal-02285261/document

Sas, M., Reniers, G., Hardyns, W. and Ponnet, K., 2019. The impact of training sessions on security awareness: measuring the security knowledge, attitude and behaviour of employees. Chemical Engineering Transactions, 77, pp.895-900. https://biblio.ugent.be/publication/8631857/file/8631868

Wen, S.F., Kianpour, M. and Kowalski, S., 2019, August. An empirical study of security culture in open source software communities. In Proceedings of the 2019 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining (pp. 863-870). https://ntnuopen.ntnu.no/ntnu-xmlui/bitstream/handle/11250/2646705/Wen.pdf?sequence=4

Wiley, A., McCormac, A. and Calic, D., 2020. More than the individual: Examining the relationship between culture and Information Security Awareness. Computers & Security, 88, p.101640. https://e-tarjome.com/storage/panel/fileuploads/2019-11-20/1574232892_E14013-e-tarjome.pdf