Skip to main content

Research Repository

Advanced Search

An empirical analysis of the information security culture key factors framework

Tolah, Alaa; Furnell, Steven M.; Papadaki, Maria


Alaa Tolah

Maria Papadaki


Information security is a challenge facing organisations, as security breaches pose a serious threat to sensitive information. Organisations face security risks in relation to their information assets, which may also stem from their own employees. Organisations need to focus on employee behaviour to limit security failures, as if they wish to establish effective security culture with employees acting as a natural safeguard for information assets. This study was conducted to respond to a need for more empirical studies that focus on a development of security culture to provide a comprehensive framework. The Information Security Culture and Key Factors Framework has been developed, incorporating two types of factors: those that influence security culture and those that reflect it. This paper validates the applicability of the framework and tests related hypotheses through an empirical study. An exploratory survey was conducted, and 266 valid responses were obtained. Phase two of the study demonstrates the framework levels of validity and reliability through the use of factor analysis. Different hypothetical correlations were analysed through the use of structural equation modelling, with indirect exploratory effect of the moderators achieved through a multi-group analysis. The findings show that the framework has validity and achieved an acceptable fit with the data. This study fills an important gap in the significant relationship between personality traits and security culture. It also contributes to the improvement of information security management through the introduction of a comprehensive framework in practice, which functions in the establishment of security culture. The factors are vital in justifying security culture acceptance, and the framework provides an important tool that can be used to assess and improve an organisational security culture.


Tolah, A., Furnell, S. M., & Papadaki, M. (2021). An empirical analysis of the information security culture key factors framework. Computers and Security, 108,

Journal Article Type Article
Acceptance Date May 29, 2021
Online Publication Date Jun 5, 2021
Publication Date Sep 1, 2021
Deposit Date Jun 6, 2021
Publicly Available Date Jun 6, 2022
Journal Computers and Security
Print ISSN 0167-4048
Publisher Elsevier
Peer Reviewed Peer Reviewed
Volume 108
Article Number 102354
Keywords General Computer Science; Law
Public URL
Publisher URL


This file is under embargo until Jun 6, 2022 due to copyright restrictions.

You might also like

Downloadable Citations