| dc.description.abstract | The great use of technologies and
flexible work environment introduce
complex scenarios to consider for
enterprises to assure Enterprise Information
Security (EIS). Further the success/failure of
EIS effectively rely on behaviour of
stakeholders of an enterprise irrespective to
the available comprehensive enough
technical infrastructure. Therefore, the
Security Culture (SC) is recommended to
implement at the initial phase to reduce the
risk of unacceptable behaviour of
stakeholders. Moreover, the SC is further
important for Small and Medium Enterprises
(SMEs), because comprehensive technical
implementation to assure information
security is not affordable with limited
budget, resources and technical staff. The SC
can be introduced as iterative process which
must start from somewhere based on
primary considerations and improve as
required through multiple iterations to fulfil
EIS need. The frequent evolvement of SC is
essential to addresses consequences of
technological development. The SC can be
introduced as sub culture of organisation
culture, because each stakeholder of the
enterprise has active part on assuring EIS in
their regular tasks. The mature SC delivers
the understand of importance of assuring
information security, individual
responsibility in security aspects which is
way over the general organisational culture,
as people is the weakest(only link) for
EIS(the technology). Further, people is the
first line of defence in any attack, so they
must be aware and prepared to represent
“Human Firewall”. As a result, analyzing
assets, analyzing threats, analyzing
vulnerabilities, risk assessment, standards
and framework, policies and procedures,
responsibility, maintenance, stakeholder
awareness aspects should be prioritized for
implementing SC. Nevertheless, the effective
ways to deliver awareness among
stakeholders within a SME for enterprise
security management should be identified.
The successful implementation of SC
contributes to EIS for SME effectively. | en_US |
