Modelling organizational information security culture: the case of Malaysian public organization / Qamarul Nazrin Harun

In the Industrial Revolution 4.0 (IR 4.0), information security has been highlighted as one of the critical component that needs to be addressed by industry practitioners. To this effect, the deployment of information security controls, both technical and nontechnical is very essential so as to safeguard and protect organizational information from any form of threats or danger. Information Security Culture (ISC) is a term used to describe a situation where not only members aware and skillful in terms of information security, but the process and procedure as well as the technologies are also in place to protect and safeguard organizational information. In line with the growing number of reported cases of information security breaches, there is also a growing interest among researchers to study ISC. However, given that the requirements and the characteristics of ISC vary from one organization to other organization, these frameworks and models cannot be easily applied to all organizational settings.