A Statistical Research: The Effectiveness of Information Security Culture in Organizations concerning Organizational Culture

Information is now the most important asset that a person, an organization, or business needs, and securing it will always be on headlines. Researchers say that "Information Security (IS) is not an IT problem anymore; it is a business issue." Maintaining information security is becoming more challenging day by day as the involvement of humans prevails in both causing damage to information and protecting it. As human is the weakest link in securing information, there is a need to look into the relationship between organizational culture (OC) and Information Security Culture (ISC) in an organization. Researchers have found the relation between the behavioral aspects of an employee and ISC. This paper shows a statistical relation between the four types of OC and ISC and a framework which shows the ranking among the culture types, is also depicts the importance given by each culture to Information Security considering confidentiality, availability, and integrity of information. The four types of OC (Clan Culture, Hierarchy Culture, Adhocracy Culture, and Market Culture) as per Competing Value Framework were mapped against IS triad with ranking given to the OC. From the analysis done, the research outcome was that Hierarchy Culture gives utmost importance to ISC, thus giving the organizations a set of qualities that can be imbibed.