THE IMPACT OF POSITIVE ORGANISATIONAL CULTURE VALUES ON INFORMATION SECURITY MANAGEMENT IN THE COMPANY
DOI: https://doi.org/10.12775/JPM.2016.006
Keywords
information security, organisational culture, positive behaviour, information security management
Abstract
Objective: The purpose of this article is to identify the positive values of organisational culture that have an impact on the effectiveness of information security management in the company.
Methods: The study was a case study divided into two stages. The first stage consisted of an interview with the person responsible for information security in the studied company. The second stage consisted of obtaining the opinions of employees regarding the organisational culture and the positive values influencing information security in the company. Based on the literature review, a survey questionnaire was prepared and used in the survey. The study was conducted in a company employing 35 people.
Conclusions: The article highlights the important role of the positive values of organisational culture, which affect information security management in the company. Positive values have a big impact on maintaining an appropriate level of information security in the company.
Originality/Value: The analysis of the obtained results shows that cultivating positive values in the company affects the effectiveness of information security management. The study suggests that the development of positive values in the company not only creates a positive atmosphere at work but also affects the observance of procedures and rules in the field of information security.
Copyright
Articles submitted to the journal should not have been published before in their current or substantially similar form, or be under consideration for publication with another journal. Authors submitting articles for publication warrant that the work is not an infringement of any existing copyright and will indemnify the publisher against any breach of such warranty. For ease of dissemination and to ensure proper policing of use, papers and contributions become the legal copyright of the publisher unless otherwise agreed.
Plagiarism and ghostwriting
In response to the issue of plagiarism and ghostwriting, the editors of the Journal of Positive Management have introduced the following rules to counteract these phenomena:
1. Contributors should be aware of their responsibility for the content of their manuscripts.
2. Collective authors are obliged to reveal the contribution and affiliation of each author (i.e. who is the author of a specified part of the paper).
3. Any act of dishonesty will be denounced; the editors will inform the appropriate institutions about the situation and give evidence of all cases of misconduct and unethical behaviour.
4. The editors may ask contributors for financial disclosure (i.e. the contribution of specified institutions).