A Mixed-Method Case Study of Information Security Culture at an Energy Firm

Authors

Samantha Phillips, School of Cyber Studies, The University of TulsaFollow
Sal Aurigemma, School of Cyber Studies, The University of Tulsa
Bradley Brummel, College of Liberal Arts and Social Sciences, University of Houston
Tyler Moore, School of Cyber Studies, The University of Tulsa

Abstract

Information security culture (ISC) matters for organizations because it influences how and whether employees safely navigate technology and information resources. This case study of a global energy firm employs a mixed-methods approach to comprehensively evaluate the organization’s ISC. The different methods assess each level of Schein’s three-level model of culture from a security perspective and apply Hofstede’s organizational culture dimensions to classify culture type. The findings revealed the type of ISC present within the case study organization, identified areas of misalignment between leadership and employees, and established areas for cultural improvement.

Recommended Citation

Phillips, Samantha; Aurigemma, Sal; Brummel, Bradley; and Moore, Tyler, "A Mixed-Method Case Study of Information Security Culture at an Energy Firm" (2025). WISP 2025 Proceedings. 13.
https://aisel.aisnet.org/wisp2025/13