A holistic framework for the fostering of an information security sub-culture in organizations

Modern businesses operates in an emerging global information society. In this information society it is imperative for modern organizations to take the protection of their information resources seriously. This protection of information resources is to a large extent dependent on human co-operated behavior. This human factor is the weakest link in information security, and consists of two interrelated dimensions. Firstly, employees must have sufficient knowledge about information security in order to effectively implement, and maintain, the various information security controls. Secondly, the employees must have the correct attitude towards information security. These two dimensions to the human factor in information security are closely related, and to a degree co-dependent upon each other. It would thus make sense to address these dimensions holistically. This paper combines previously proposed principles and methodologies into a single holistic framework that addresses both the dimensions to this human factor in information security.