Developing a cyber security culture: Current practices and future needs
While the creation of a strong security culture has been researched and discussed for decades, it continues to elude many businesses. Part of the challenge faced is distilling pertinent, recent academic findings and research into useful guidance.
This article aims to tackle this issue by conducting a state-of-the-art study into organisational cyber security culture research. This work investigates four questions, including how cyber security culture is defined, what factors are essential to building and maintaining such a culture, the frameworks proposed to cultivate a security culture and the metrics suggested to assess it.