Assessing the level of I.T. security culture improvement: results from three Australian SMEs

Transitioning towards an improved I.T. security culture that fosters desired I.T. security behaviour and attitudes in individuals is pertinent to any organizational I.T. security strategy. To improve the current I.T. security culture of an organization and its members, an initial assessment covering four core questions was necessary to determine how much of an improvement was needed. The assessments and data collection techniques and corresponding results and findings are presented and discussed. The implications of this research will be of great benefit to both practitioners wanting to improve I.T. security culture and awareness in their organization, and will help to fill the lack empirical research within the academic field of I.T. security. ©2009 IEEE.