Influence of Human Factors on the Adaptation of a Security Culture: Evidence from a leading IT company operating in Sri Lanka

Abstract

Despite the immense research on information security, the human factor has been neglected in most of the research communities with majority of the security research leaning towards the technological aspects of information technology system. With the rapid development and introduction of new technological solutions to combat the growing threat on information security, the human factor is still subject to continuous attacks. The human factor plays a significant role in security aspects. Behavior of an individual is greatly influenced by the user’s perceptions on security risks and understanding, whereas, these are directly linked to organizational culture and its environment. This research evaluates the potential human factors influencing a security culture in an organization through the creation of a hypothesis. The research was conducted in a leading software organization to understand the level of established security culture also to identify area that have shown improvements. The study focused on employees to validate two main concepts of human factors and adaptation of a security culture. Data was collected through a structured questionnaire where 90 participants responded and the data was evaluated using the Likert scale. The results have shown that human factors have a significant role in adapting a security culture for an organization and that relationship between the depicted human factors and adaptation of a security culture is moderately strong and positive in context.