Conceptualizing and Learning to Foster Cybersecurity Culture: a Literature Review

EasyChair Preprint no. 10810

Abstract

The purpose of this study is to conceptualize cybersecurity culture and discuss lessons that organizations can learn from the research findings to foster an appropriate cybersecurity culture. The PRISMA method and scoping literature review were used in the study. An intensive literature search was conducted in well-known publishers and online databases. Literature was selected that dealt exclusively with cybersecurity culture. Cybersecurity culture was conceptualized based on Schein's organizational culture model and Van Niekerk & Von Solm's information security culture model. The results show that cybersecurity culture could be defined and conceptualized based on four important elements, namely competencies, behaviors, policy compliance, and practices of employees at all levels of an organization toward the cybersecurity goal of protecting digital assets from intentional cyberattacks or unintentional employee mistakes. In addition to the lessons learned from the literature, organizations could also consider the four important elements proposed in this study to foster their cybersecurity culture and improve their security posture. The main contribution of this study is to provide researchers with an understanding of the current concepts and scope of cybersecurity culture and to simplify the approaches for organizations to foster an appropriate cybersecurity culture.

Keyphrases: cybersecurity culture, cybersecurity culture concept, cybersecurity culture scope, fostering cybersecurity culture

@Booklet{EasyChair:10810,
  author = {Meseret Assefa Adamu},
  title = {Conceptualizing and Learning to Foster Cybersecurity Culture: a Literature Review},
  howpublished = {EasyChair Preprint no. 10810},

  year = {EasyChair, 2023}}