期刊名称:Journal of Theoretical and Applied Information Technology
印刷版ISSN:1992-8645
电子版ISSN:1817-3195
出版年度:2014
卷号:64
期号:2
出版社:Journal of Theoretical and Applied
摘要:Establishing information security culture within an organization may include transformation of how employees interact with the information assets which may be challenged with resistance, fear or confusion. Change management skills could assist organization members to smoothly adapt to the new culture. The use of change management in information security culture has been rarely investigated in the literature and very few models have been offered. This paper reviews the available change management models that have been used in information security management. Then it integrates a set of change management principles that were proposed in the literature and combine them to a comprehensive multistep framework that support and guide the transition in information security culture change within organizations. Moreover, the principles will be the base of suggestion of the appropriate guideline to support the effective implementation of change in information security culture. The framework provides guidance to information security professionals and academic researchers in taking proactive steps and measures to facilitate the culture change.
关键词:Change management; Information security culture; Culture change.
