Toward a US Army Cyber Security Culture

Christopher Paul; Isaac Porche

Toward a US Army Cyber Security Culture

Christopher Paul, Isaac Porche

Research output: Contribution to journal › Article › peer-review

Abstract

One of the reasons offered for gaps in organizations’ cyber security is the lack of a “cyber security culture.” This article defines and explores the concept of cyber security culture within the context of the U.S. Army. It concludes that the Army would benefit from the creation and adoption of a cyber security culture, though it would not be a security panacea. The article concludes by identifying and describing important elements of such a culture and practical advice for approaching culture change. These include: the development of policies that can be understood, adhered to, and enforced; change management efforts that unfreeze current culture, seek change, then refreeze/institutionalize changes; a structure that offers incentives for desired behaviors but also identifies and enforces compliance; and change efforts that emphasize change in knowledge/awareness and in attitude.

Original language	English (US)
Journal	International Journal of Cyber Warfare and Terrorism
Volume	1
Issue number	3
State	Published - Jul 1 2011

Cite this

@article{59769660df0641d69feb84795cbd6f2c,

title = "Toward a US Army Cyber Security Culture",

abstract = "One of the reasons offered for gaps in organizations{\textquoteright} cyber security is the lack of a “cyber security culture.” This article defines and explores the concept of cyber security culture within the context of the U.S. Army. It concludes that the Army would benefit from the creation and adoption of a cyber security culture, though it would not be a security panacea. The article concludes by identifying and describing important elements of such a culture and practical advice for approaching culture change. These include: the development of policies that can be understood, adhered to, and enforced; change management efforts that unfreeze current culture, seek change, then refreeze/institutionalize changes; a structure that offers incentives for desired behaviors but also identifies and enforces compliance; and change efforts that emphasize change in knowledge/awareness and in attitude.",

author = "Christopher Paul and Isaac Porche",

year = "2011",

month = jul,

day = "1",

language = "English (US)",

volume = "1",

journal = "International Journal of Cyber Warfare and Terrorism",

issn = "1947-3435",

publisher = "IGI Global Publishing",

number = "3",

}

TY - JOUR

T1 - Toward a US Army Cyber Security Culture

AU - Paul, Christopher

AU - Porche, Isaac

PY - 2011/7/1

Y1 - 2011/7/1

N2 - One of the reasons offered for gaps in organizations’ cyber security is the lack of a “cyber security culture.” This article defines and explores the concept of cyber security culture within the context of the U.S. Army. It concludes that the Army would benefit from the creation and adoption of a cyber security culture, though it would not be a security panacea. The article concludes by identifying and describing important elements of such a culture and practical advice for approaching culture change. These include: the development of policies that can be understood, adhered to, and enforced; change management efforts that unfreeze current culture, seek change, then refreeze/institutionalize changes; a structure that offers incentives for desired behaviors but also identifies and enforces compliance; and change efforts that emphasize change in knowledge/awareness and in attitude.

AB - One of the reasons offered for gaps in organizations’ cyber security is the lack of a “cyber security culture.” This article defines and explores the concept of cyber security culture within the context of the U.S. Army. It concludes that the Army would benefit from the creation and adoption of a cyber security culture, though it would not be a security panacea. The article concludes by identifying and describing important elements of such a culture and practical advice for approaching culture change. These include: the development of policies that can be understood, adhered to, and enforced; change management efforts that unfreeze current culture, seek change, then refreeze/institutionalize changes; a structure that offers incentives for desired behaviors but also identifies and enforces compliance; and change efforts that emphasize change in knowledge/awareness and in attitude.

UR - https://www.igi-global.com/article/toward-army-cyber-security-culture/69773#:~:text=It%20concludes%20that%20the%20Army%20would%20benefit%20from,culture%20and%20practical%20advice%20for%20approaching%20culture%20change.

UR - https://www.rand.org/pubs/external_publications/EP51060.html

M3 - Article

SN - 1947-3435

VL - 1

JO - International Journal of Cyber Warfare and Terrorism

JF - International Journal of Cyber Warfare and Terrorism

IS - 3

ER -

Toward a US Army Cyber Security Culture

Abstract

Other files and links

Fingerprint

Cite this