Towards corporate information security obedience

All organisations possess a corporate culture, whether they are aware of it or not. This culture determines, to a large extent, the effectiveness of an organisation and the behaviour of employees within an organisation. As part of its corporate governance duties, senior management is responsible for the protection of the assets of its organisation. And as information is a vital asset to most organisations, senior management is ultimately responsible for the protection of information assets. An ideal corporate culture, in terms of information security, would be one where the second-nature behaviour of employees, determined by the culture, is to protect information assets. This paper will provide initial guidelines as to how to establish this culture by examining Schein's model and by investigating how to start implementing Corporate Information Security Obedience.