Show simple item record

dc.contributor.authorPathirana, HPAI
dc.date.accessioned2020-12-31T22:48:39Z
dc.date.available2020-12-31T22:48:39Z
dc.date.issued2020
dc.identifier.urihttp://ir.kdu.ac.lk/handle/345/3023
dc.description.abstractThe great use of technologies and flexible work environment introduce complex scenarios to consider for enterprises to assure Enterprise Information Security (EIS). Further the success/failure of EIS effectively rely on behaviour of stakeholders of an enterprise irrespective to the available comprehensive enough technical infrastructure. Therefore, the Security Culture (SC) is recommended to implement at the initial phase to reduce the risk of unacceptable behaviour of stakeholders. Moreover, the SC is further important for Small and Medium Enterprises (SMEs), because comprehensive technical implementation to assure information security is not affordable with limited budget, resources and technical staff. The SC can be introduced as iterative process which must start from somewhere based on primary considerations and improve as required through multiple iterations to fulfil EIS need. The frequent evolvement of SC is essential to addresses consequences of technological development. The SC can be introduced as sub culture of organisation culture, because each stakeholder of the enterprise has active part on assuring EIS in their regular tasks. The mature SC delivers the understand of importance of assuring information security, individual responsibility in security aspects which is way over the general organisational culture, as people is the weakest(only link) for EIS(the technology). Further, people is the first line of defence in any attack, so they must be aware and prepared to represent “Human Firewall”. As a result, analyzing assets, analyzing threats, analyzing vulnerabilities, risk assessment, standards and framework, policies and procedures, responsibility, maintenance, stakeholder awareness aspects should be prioritized for implementing SC. Nevertheless, the effective ways to deliver awareness among stakeholders within a SME for enterprise security management should be identified. The successful implementation of SC contributes to EIS for SME effectively.en_US
dc.language.isoenen_US
dc.subjectSecurity Cultureen_US
dc.subjectEISen_US
dc.subjectSMEen_US
dc.subjectVulnerabilitiesen_US
dc.subjectThreatsen_US
dc.subjectHuman Firewallen_US
dc.titleUse of Security Culture to Contribute on Enterprise Information Security for the Small and Medium Scale Enterprises (SMEs)en_US
dc.typeArticle Full Texten_US
dc.identifier.journal13th International Research Conference General Sir John Kotelawala Defence Universityen_US
dc.identifier.pgnos387-395en_US


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record