Abstract

Drawing on high reliability theory, this study investigates how a firm’s information security (InfoSec) practices as practical proficiencies form its organisational security culture. We tested the model using survey data from 602 professional managers in Australia and New Zealand who are aware of the InfoSec programmes within their respective organisations, the findings of which suggest a security culture is influenced by a firm’s practical proficiencies in the form of InfoSec practices namely prevention, detection and response practices. Our findings also emphasise the importance of organisational supportive proficiencies as organisational structure for improving the impact of InfoSec preventive practices on organisational security culture in a firm. The results of this study provide both academics and practitioners an understanding of the vital organisational dynamics necessary to establish a culture of security.

Share

COinS