Information security culture: A general living systems theory perspective

摘要

Information security culture (ISC) is often acknowledged as being a vital subculture within an organizational culture. As a subculture, its purpose is to fulfil its security purpose, while integrating into, and supporting, the broader organizational culture. However, in contrast, few discussions of ISCs acknowledge that the ISC itself is comprised of subcultures. The research literature's lack of exploration of this nested nature of ISC may be hindering in-depth understanding of the ISC as a system within itself, as well as within the broader organizational culture. This paper will therefore address this by straying from traditional views of ISCs. We will examine an ISC as a self-managing, self-repairing collective of multiple ISCs which meet the organizational culture's security needs. The paper's objective is to show that an ISC can be viewed and understood as a living system.