A general morphological analysis: Delineating a cyber-security culture

摘要

Purpose - The purpose of this paper is to define and delineate cyber security culture. Cyber security has been a concern for many years. In an effort to mitigate the cyber security risks, technology-centred measures were deemed to be the ultimate solution. Nowadays, however, it is accepted that the process of cyber security requires much more than mere technical controls. On the contrary, it now demands a human-centred approach, including a cyber security culture. Although the role of cultivating a culture in pursuing cyber security is well appreciated, research focusing intensely on cyber security culture is still in its infancy. Additionally, knowledge on the subject is not clearly bounded and defined. Design/methodology/approach - General morphological analysis (GMA) is used to define, structure and analyse the cyber security environment culture. Findings - This paper identifies the most important variables in cultivating a cyber security culture. Research implications - The delineation of the national cyber security domain will contribute to the relatively new domain of cyber security culture. They contribute to the research community by means of promoting a shared and common understanding of terms. It is a step in the right direction towards eliminating the ambiguity of domain assumptions. Practical implications - Practically, the study can assist developing nations in constructing strategies that addresses the key factors that need to be apparent in lieu to cultivating its envisaged national culture of cyber security. Additionally, the GMA will contribute to the development of solutions or means that do not overlook interrelations of such factors. Originality/value - Delineating and defining the cyber security culture domain more precisely could greatly contribute to realizing the elements that collectively play a role in cultivating such a culture for a national perspective.