Authors: Miloslava Plachkinova; Steven Andrés
Addresses: Department of Information and Technology Management, Sykes College of Business, The University of Tampa, 401 W Kennedy Blvd., Mailbox O, Tampa, FL, USA ' Department of Management Information Systems, Fowler College of Business Administration, San Diego State University, 5500 Campanile Drive, San Diego, CA 92182, USA
Abstract: National culture plays an important role in the development and compliance with information security (InfoSec) policy and standards. A successful InfoSec policy must demonstrate understanding of the local workforce's culture and not just blindly impose rules and regulations. We conducted a quantitative study of 177 professionals across 35 national cultures to investigate whether national culture influences InfoSec training and best practices using Hofstede's six cultural dimensions. Our findings indicate that training programs should more directly address the variances in perception of InfoSec across cultures. These training programs should also reflect the significance of the organisation's InfoSec policies in the context of the local employee, while maintaining unified corporate governance. By increasing training comprehension, organisations can reduce security incidents resulting from unintentional policy violations and in turn, avoid costly remediation efforts.
Keywords: information security; InfoSec; training; education; compliance; national culture; insider threat; corporate governance.
International Journal of Information Privacy, Security and Integrity, 2018 Vol.3 No.3, pp.155 - 186
Received: 03 May 2017
Accepted: 13 Jan 2018
Published online: 18 May 2018 *