Rethinking the Human Factor in Information Security. From an Information-Centric Perspective to One Based on Organizational Culture

Rethinking the Human Factor in Information Security. From an Information-Centric Perspective to One Based on Organizational Culture

연구 분야: Safety

학회: International Conference on Global Security, Safety, and Sustainability

Modern organizations know that information becomes a strategic asset to develop opportunities and initiatives that allow them to position themselves in a specific sector, create competitive advantages and innovative experiences for their customers. In this sense, the treatment of information by the people of a company, in the scenario of its key processes and objectives, is essential to protect itself from adverse events that compromise its promise of value. Therefore, this paper proposes a review of the current perspective of information security of people based on compliance, awareness and punishment, based on know-how and associated with training and standard practices, to then propose a complementary view based on behaviors, conditions and consequences of unforeseen events, which allows to recognize biases, detect cognitive barriers and place information security in the culture of the organization, where individuals understand the risks, actively want to do the right thing and are provided with all the support to do so.