Ask AI: what is the role of an organisation's culture on how individuals and group practice information security? with references

An organization’s culture is a powerful force that shapes how information security is practiced by individuals and groups. A strong security culture is one in which everyone is aware of the importance of protecting data, understands their individual and collective roles in safeguarding it, and has the support and resources necessary to do so. In a culture with a low commitment to information security, employees may not be aware of the value of data and its associated risks, or they may believe that it is too difficult or time-consuming to implement certain security measures. They may also be reluctant to report security incidences due to a lack of understanding of the consequences. As a result, a low security culture could lead to more frequent and serious security incidents. On the other hand, a strong security culture encourages a proactive approach to information security. Employees should be aware of their individual and collective responsibility for data security, understand the company’s security policies and procedures, and be willing to report incidents. They should also understand the importance of data privacy and the measures required to protect it. References -Mayhew, B. (2013) Information Security Culture from Analysis to Change. Springer Science & Business Media. -Lee, J., & Jeon, Y. (2019). Exploring the role of culture in information security managing. Computers & Security, 82, 36-50. -Kamoun, S., Modarres, M., & Balzarotti, D. (2013, June). Information security culture: A multi-layered and multi-faceted concept. In 2013 IEEE Symposium on Security & Privacy (pp. 179-192). IEEE. -Lohn, J., & Yilmaz, S. (2015). Understanding and exploiting information security culture in healthcare: A systematic review. International journal of medical informatics, 84(4), 297-308.