Security subcultures in an organization - exploring value conflicts

Security culture is considered as an important factor in overcoming the problem with employees’ lack of compliance with Information Security (IS) policies. Within one organization different subcultures might transcribe to different and sometimes even conflicting, values. In this paper we study such value conflicts and their implications on IS management and practice. Shein’s (1999) model of organizational culture is used as a tool supporting analysis of our empirical data. We found that value conflicts exists between different security cultures within the same organization and that users anchor their values related to IS in their professional values. Thus our empirical results highlight value conflicts as an important factor to take into account when security culture is developed in an organization. Moreover, we found Shein’s model as a useful tool for analysis of value conflicts between different subcultures in an organization.