COMPARISON OF INFORMATION SECURITY CULTURES: EVALUATION FROM THE PERSPECTIVE OF INDIVIDUALS IN ORGANIZATIONS

Abstract

This research evaluates comparative information security cultures across organizations, focusing on individual perspectives regarding awareness, knowledge, compliance, and behavior. This research involved three types of organizations: Organization A, which operates entirely in the IT sector; Organization B, a non-IT organization that uses IT in its operations; and Organization C, also a non-IT organization but using IT in a limited capacity. The results showed that Organization A obtained the highest scores in all categories measured—awareness (4.4), knowledge (4.42), compliance (4.42), and behavior (4.42)—indicating understanding and implementation of IT practices excellent performance and a strong commitment to information security standards. In contrast, Organization B showed lower mean scores—awareness (3.75), knowledge (3.74), compliance (3.71), and behavior (3.79)—indicating less than optimal IT integration and implementation despite the technology used. Organization C, which uses IT to a limited extent, shows results that fall between those of Organizations A and B—awareness (3.97), knowledge (4), compliance (3.92), and behavior (3.96)—indicating good knowledge. good but faces challenges in full integration and practice. These findings confirm the relationship between an organization's focus on IT and the effectiveness of information security practices. To improve an information security culture, organizations need to focus on improving training and education, strengthening policies and procedures, investing in IT resources, increasing technology integration, and building an organizational culture that supports information security. These steps are important to address existing deficiencies, increase security effectiveness, and better protect data and information.