Computer security, also known as cyber security or computer security, is the protection of computer systems against theft or damage to your hardware, software or information, as well as interruption or misdirection of the services they provide.
Cyber security includes the control of physical access to hardware, as well as protection against damage that may occur through network access, data injection and code. In addition, due to the negligence of operators, whether intentional, accidental, IT security is likely to be misled into diverting safe procedures through various methods.
The field is of growing importance due to the growing reliance on computer systems and the Internet, wireless networks such as Bluetooth and Wi-Fi, and the growth of "smart" devices, including smartphones, televisions and small devices as part of the Internet of Things .
Employee behavior can have a major impact on information security in organizations. Cultural concepts can help different segments of the organization to work effectively or work against the effectiveness of information security within an organization. "Exploring the Relationship between Organizational Culture and Information Security Culture" provides the following definition of culture of information security: "ISC is the totality of patterns of behavior in an organization that contribute to the protection of information of all kinds" .
Andersson and Reimers (2014) found that employees often do not see themselves as part of the organization's Information Security "effort" and often take actions that ignore the organizational interests of Information Security. Research shows that the culture of information security needs to be continually improved. In "Culture of Information Security from Analysis to Change," the authors commented: "It is an endless process, a cycle of evaluation and change or maintenance." To manage the culture of information security, five steps must be taken: Strategic pre-assessment Planning, operational planning, implementation and post-evaluation.
• Pre-evaluation: identify the awareness of information security within the employees and analyze the current security policy.
• Strategic planning: to create a better awareness program, we need to set clear objectives. Grouping people is useful to achieve this.
• Operational Planning: we can establish a good safety culture based on internal communication, management-buy-in and the security awareness and training program.
• Implementation: four stages should be used to implement the culture of information security. They are the commitment of management, communication with members of the organization, courses for all members of the organization, and commitment of employees.