European Journal of Business and Management

The rationale behind an organization’s information system is to provide access to its information resources and services anywhere anytime over networks. This need creates issues of security in the management of the information systems. The information system approach is socio-technical by nature, involving people and processes as well as technologies; hence, the culture and characteristics of the organization are factors in effective information security management. This implies that the concept of information management is multi-dimensional and includes the human, organizational and technological dimensions. Stemming from this information security culture is considered as an important factor in the management of information security in an organization by overcoming the problem with employees’ lack of compliance with information security management initiatives. However the security culture of an organization is based on the different security subcultures of different sections or subsections that have its basis on the training backgrounds of the individuals and or different tasks performed by each of the groups or a combination of both. This paper addresses information security from the management point of view paying close attention to the information security subculture as seen in the organizations and looks into different methods that the security subcultures can be studied in relation to information security management.

Keywords: Information security management system, organizational culture, information security culture, information security subculture.