—The purpose of the paper is to examine the conceptualization of information security culture in order to develop an information security culture measurement model. In order to do so, a comprehensive literature analysis of current information security culture models and frameworks were examined. The outcome of the comprehensive review is a top constructs candidate that conceptualizes security culture. The current paper found no mutual agreement on what factors conceptualize a security culture. Our contribution is being able to identify a clear gap on the existing literature of a lack of clear conceptualization and distinction between factors that constitute
information security culture and factors that influence
information security culture. The distinction clearly has not been made by academic literature on the information security culture. The current study assists academic researchers to identify research gaps in the information security culture field, including identifying further empirical research needed in this area.
—Security culture, factors constitute security culture, factors influence security culture.
Mohammed A. Alnatheer is with the King Abdul-Aziz City for Science and Technology, Riyadh, Saudi Arabia (e-mail: firstname.lastname@example.org).
Cite: Mohammed A. Alnatheer, " A Conceptual Model to Understand Information Security Culture," International Journal of Social Science and Humanity vol. 4, no. 2, pp. 104-107, 2014.