Exploring the relationship between organizational culture and information security culture

  • Lim J
  • Chang S
  • Maynard S
 et al. 
  • 2


    Mendeley users who have this article in their library.
  • 20


    Citations of this article.


Managing Information Security is becoming more challenging in today's business because people are both a cause of information security incidents as well as a key part of the protection from them. As the impact of organizational culture (OC) on employees is significant, many researchers have called for the creation of information security culture (ISC) in organizations to influence the actions and behaviour of employees towards better organizational information security. Although researchers have called for the creation of ISC to be embedded in organizations, nonetheless, literature suggests that little past research examining the relationship between the nature of OC and ISC. This paper seeks to explore the relationship between the nature of OC and ISC and argues that organizations that have a medium to high security risk profile need to embed the ISC to influence employee actions and behaviours in relation to information security practices. In addition, this paper also introduces a framework to assist organizations in determining the extent to which the desired ISC is embedded into OC. © 2009 Lim, Chang, Maynard & Ahmad.

Author-supplied keywords

  • Information security
  • Information security culture
  • Information security policy
  • Organizational culture

Get free article suggestions today

Mendeley saves you time finding and organizing research

Sign up here
Already have an account ?Sign in

Find this document

  • PUI: 365373387
  • SGR: 84864552045
  • SCOPUS: 2-s2.0-84864552045
  • ISBN: 9780729806800


  • Joo Soon Lim

  • Shanton Chang

  • Sean Maynard

  • Atif Ahmad

Cite this document

Choose a citation style from the tabs below

Save time finding and organizing research with Mendeley

Sign up for free