{"id":"https://openalex.org/W3181691485","doi":"https://doi.org/10.1145/3466933.3466981","title":"Understanding the information security culture of organizations: Results of a Survey","display_name":"Understanding the information security culture of organizations: Results of a Survey","publication_year":2021,"publication_date":"2021-06-07","ids":{"openalex":"https://openalex.org/W3181691485","doi":"https://doi.org/10.1145/3466933.3466981","mag":"3181691485"},"language":"en","primary_location":{"id":"doi:10.1145/3466933.3466981","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3466933.3466981","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"XVII Brazilian Symposium on Information Systems","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5074747366","display_name":"Pedro Albuquerque Santos","orcid":"https://orcid.org/0000-0001-8159-1364"},"institutions":[{"id":"https://openalex.org/I25112270","display_name":"Universidade Federal de Pernambuco","ror":"https://ror.org/047908t24","country_code":"BR","type":"education","lineage":["https://openalex.org/I25112270"]}],"countries":["BR"],"is_corresponding":true,"raw_author_name":"Pedro Santos","raw_affiliation_strings":["Universidade Federal de Pernambuco (UFPE)"],"affiliations":[{"raw_affiliation_string":"Universidade Federal de Pernambuco (UFPE)","institution_ids":["https://openalex.org/I25112270"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5072977457","display_name":"Mariana Peixoto","orcid":"https://orcid.org/0000-0002-5399-4155"},"institutions":[{"id":"https://openalex.org/I25112270","display_name":"Universidade Federal de Pernambuco","ror":"https://ror.org/047908t24","country_code":"BR","type":"education","lineage":["https://openalex.org/I25112270"]}],"countries":["BR"],"is_corresponding":false,"raw_author_name":"Mariana Peixoto","raw_affiliation_strings":["Universidade Federal de Pernambuco (UFPE)"],"affiliations":[{"raw_affiliation_string":"Universidade Federal de Pernambuco (UFPE)","institution_ids":["https://openalex.org/I25112270"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5083296921","display_name":"J\u00e9ssyka Vilela","orcid":"https://orcid.org/0000-0002-5541-5188"},"institutions":[{"id":"https://openalex.org/I25112270","display_name":"Universidade Federal de Pernambuco","ror":"https://ror.org/047908t24","country_code":"BR","type":"education","lineage":["https://openalex.org/I25112270"]}],"countries":["BR"],"is_corresponding":false,"raw_author_name":"J\u00e9ssyka Vilela","raw_affiliation_strings":["Universidade Federal de Pernambuco (UFPE)"],"affiliations":[{"raw_affiliation_string":"Universidade Federal de Pernambuco (UFPE)","institution_ids":["https://openalex.org/I25112270"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5074747366"],"corresponding_institution_ids":["https://openalex.org/I25112270"],"apc_list":null,"apc_paid":null,"fwci":0.8263,"has_fulltext":false,"cited_by_count":6,"citation_normalized_percentile":{"value":0.78356798,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"8"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.991100013256073,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12519","display_name":"Cybercrime and Law Enforcement Studies","score":0.9715999960899353,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.7082009315490723},{"id":"https://openalex.org/keywords/information-security-management","display_name":"Information security management","score":0.5999958515167236},{"id":"https://openalex.org/keywords/work","display_name":"Work (physics)","score":0.5972096920013428},{"id":"https://openalex.org/keywords/knowledge-management","display_name":"Knowledge management","score":0.5101883411407471},{"id":"https://openalex.org/keywords/information-security-audit","display_name":"Information security audit","score":0.48771557211875916},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.48329809308052063},{"id":"https://openalex.org/keywords/action","display_name":"Action (physics)","score":0.480020672082901},{"id":"https://openalex.org/keywords/information-security-standards","display_name":"Information security standards","score":0.47435224056243896},{"id":"https://openalex.org/keywords/organizational-culture","display_name":"Organizational culture","score":0.444196492433548},{"id":"https://openalex.org/keywords/certified-information-security-manager","display_name":"Certified Information Security Manager","score":0.43449151515960693},{"id":"https://openalex.org/keywords/state","display_name":"State (computer science)","score":0.43091028928756714},{"id":"https://openalex.org/keywords/standard-of-good-practice","display_name":"Standard of Good Practice","score":0.4265690743923187},{"id":"https://openalex.org/keywords/public-relations","display_name":"Public relations","score":0.38371098041534424},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.36731016635894775},{"id":"https://openalex.org/keywords/security-information-and-event-management","display_name":"Security information and event management","score":0.34078359603881836},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.31632059812545776},{"id":"https://openalex.org/keywords/cloud-computing-security","display_name":"Cloud computing security","score":0.2702808082103729},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.19071784615516663},{"id":"https://openalex.org/keywords/political-science","display_name":"Political science","score":0.14012396335601807},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.12909650802612305},{"id":"https://openalex.org/keywords/network-security-policy","display_name":"Network security policy","score":0.10388186573982239},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.08257296681404114}],"concepts":[{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.7082009315490723},{"id":"https://openalex.org/C148976360","wikidata":"https://www.wikidata.org/wiki/Q1662500","display_name":"Information security management","level":5,"score":0.5999958515167236},{"id":"https://openalex.org/C18762648","wikidata":"https://www.wikidata.org/wiki/Q42213","display_name":"Work (physics)","level":2,"score":0.5972096920013428},{"id":"https://openalex.org/C56739046","wikidata":"https://www.wikidata.org/wiki/Q192060","display_name":"Knowledge management","level":1,"score":0.5101883411407471},{"id":"https://openalex.org/C39358052","wikidata":"https://www.wikidata.org/wiki/Q2578632","display_name":"Information security audit","level":5,"score":0.48771557211875916},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.48329809308052063},{"id":"https://openalex.org/C2780791683","wikidata":"https://www.wikidata.org/wiki/Q846785","display_name":"Action (physics)","level":2,"score":0.480020672082901},{"id":"https://openalex.org/C139547956","wikidata":"https://www.wikidata.org/wiki/Q6031202","display_name":"Information security standards","level":5,"score":0.47435224056243896},{"id":"https://openalex.org/C67674302","wikidata":"https://www.wikidata.org/wiki/Q730573","display_name":"Organizational culture","level":2,"score":0.444196492433548},{"id":"https://openalex.org/C180823521","wikidata":"https://www.wikidata.org/wiki/Q1662502","display_name":"Certified Information Security Manager","level":5,"score":0.43449151515960693},{"id":"https://openalex.org/C48103436","wikidata":"https://www.wikidata.org/wiki/Q599031","display_name":"State (computer science)","level":2,"score":0.43091028928756714},{"id":"https://openalex.org/C47309137","wikidata":"https://www.wikidata.org/wiki/Q7598357","display_name":"Standard of Good Practice","level":5,"score":0.4265690743923187},{"id":"https://openalex.org/C39549134","wikidata":"https://www.wikidata.org/wiki/Q133080","display_name":"Public relations","level":1,"score":0.38371098041534424},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.36731016635894775},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.34078359603881836},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.31632059812545776},{"id":"https://openalex.org/C184842701","wikidata":"https://www.wikidata.org/wiki/Q370563","display_name":"Cloud computing security","level":3,"score":0.2702808082103729},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.19071784615516663},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.14012396335601807},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.12909650802612305},{"id":"https://openalex.org/C117110713","wikidata":"https://www.wikidata.org/wiki/Q3394676","display_name":"Network security policy","level":4,"score":0.10388186573982239},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.08257296681404114},{"id":"https://openalex.org/C62520636","wikidata":"https://www.wikidata.org/wiki/Q944","display_name":"Quantum mechanics","level":1,"score":0.0},{"id":"https://openalex.org/C78519656","wikidata":"https://www.wikidata.org/wiki/Q101333","display_name":"Mechanical engineering","level":1,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3466933.3466981","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3466933.3466981","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"XVII Brazilian Symposium on Information Systems","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.7699999809265137}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":25,"referenced_works":["https://openalex.org/W30112180","https://openalex.org/W104333925","https://openalex.org/W130586833","https://openalex.org/W1561538986","https://openalex.org/W1564623840","https://openalex.org/W1567353878","https://openalex.org/W1591380056","https://openalex.org/W1975571479","https://openalex.org/W1981071457","https://openalex.org/W2071674092","https://openalex.org/W2080940090","https://openalex.org/W2082765746","https://openalex.org/W2088489410","https://openalex.org/W2336900220","https://openalex.org/W2568632554","https://openalex.org/W2746998923","https://openalex.org/W2767228426","https://openalex.org/W2886241407","https://openalex.org/W2993116777","https://openalex.org/W2997397251","https://openalex.org/W3022544700","https://openalex.org/W3024271340","https://openalex.org/W3112531412","https://openalex.org/W3165227688","https://openalex.org/W4285719527"],"related_works":["https://openalex.org/W2584162156","https://openalex.org/W2483557577","https://openalex.org/W2741061559","https://openalex.org/W1567258312","https://openalex.org/W2126017555","https://openalex.org/W2049188895","https://openalex.org/W4285359482","https://openalex.org/W2158479160","https://openalex.org/W4386208045","https://openalex.org/W3005750480"],"abstract_inverted_index":{"A":[0],"strong":[1],"information":[2,55,86,112,128,142],"security":[3,56,87,129,143,159],"culture":[4,53,144],"in":[5,57,77,126,145,154,161],"organizations":[6,58,146],"contributes":[7],"to":[8,12,36,47,60,83,157],"reduce":[9],"incidents":[10],"related":[11],"leaks":[13,29],"of":[14,22,41,54,65,97,109,136,140],"sensitive":[15],"and":[16,59,114,121,152],"private":[17,98],"information.":[18],"Considering":[19],"that":[20,26,80,102],"one":[21],"the":[23,38,52,62,78,85,123,127,137,141],"main":[24],"factors":[25],"cause":[27],"such":[28],"is":[30,34,104,116],"human":[31],"action,":[32],"it":[33],"necessary":[35],"evaluate":[37],"current":[39,63,138],"state":[40,64],"organizations\u2019":[42],"culture.":[43,88],"This":[44,131],"work":[45,132],"aims":[46],"identify":[48],"methods":[49],"for":[50,107],"assessing":[51],"characterize":[61],"this":[66],"topic.":[67],"We":[68,100],"conducted":[69],"a":[70,105],"survey":[71,90],"using":[72],"an":[73,134],"evaluation":[74],"instrument":[75],"proposed":[76],"literature":[79],"includes":[81],"dimensions":[82],"assess":[84],"The":[89],"received":[91],"75":[92],"responses,":[93],"mostly":[94],"from":[95],"employees":[96,110],"institutions.":[99],"observed":[101],"there":[103,115],"need":[106],"training":[108],"on":[111],"security,":[113],"incongruity":[117],"between":[118],"knowing,":[119],"understanding":[120,135],"applying":[122],"procedures":[124],"described":[125],"policy.":[130],"provided":[133],"status":[139],"whose":[147],"results":[148],"can":[149],"be":[150],"expanded":[151],"used":[153],"future":[155],"studies":[156],"improve":[158],"practices":[160],"organizations.":[162]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":2},{"year":2023,"cited_by_count":2},{"year":2022,"cited_by_count":1}],"updated_date":"2026-02-27T16:54:17.756197","created_date":"2025-10-10T00:00:00"}