Title: Identifying the Mechanisms of Information Security Incidents through Corporate Culture Variables and Sampling

Issue Number: Vol. 5, No. 2
Year of Publication: March - 2016
Page Numbers: 61-74
Authors: Abdullah Almubark, Nobutoshi Hatanaka, Osamu Uchida, Yukiyo Ikeda
Journal Name: International Journal of Cyber-Security and Digital Forensics (IJCSDF)
- Hong Kong
DOI:  http://dx.doi.org/10.17781/P002025

Abstract:


Leakage of secret information has increasingly become a societal problem. Information leaks typically target specific organizations or persons, and a magnitude of risk involved in information security is considered part of normal business. This research aims to identify the causes of information leaks by applying organizational theory and analysis tools in order to reveal the mechanisms behind information security incidents. Furthermore, this research discusses the relationship between organizational objectives and social values in order to propose solutions for organizational weaknesses. The research finds that three facets of corporate culture are of value in identifying the causes of secret information leaks. Five clusters were derived through analysis of the sampled organizations, which had experienced information security incidents in the past. In addition, the efficiency of the controls and objectives for ISO/IEC 27001 was evaluated, and suggestions were given in this paper for improving the corporate culture within which incidents and accidents of information security occur.