The Power of Habit
by Charles Duhigg (2014)
A great starting point for understanding habit formation and behavioral change dynamics. It also addresses the role of habits within a business setting – and how those habits become a corporate culture.
by James Clear (2018)
This book continues on with the themes of habit formation and behavioral change. It adds additional supporting evidence drawing from biology, psychology, and neuroscience to paint a clearer picture of what it really takes to facilitate behavioral shifts.
by BJ Fogg (2021)
This book continues on with the themes of habit formation and behavioral change. It brings a dimension of simplicity to the domain of behaviorism that fosters a greater level of likelihood in making lasting changes that continue to evolve over time – one bite of the elephant at a time.
…More Journal Articles (May Require Subscription Access)
Jeong, J. J., Oliver, G., Kang, E., Creese, S., & Thomas, P. (2021). The current state of research on people, culture and cybersecurity. Personal & Ubiquitous Computing, 25(5), 809–812. https://doi.org/10.1007/s00779-021-01591-8
Jeong, J. J., Grobler, M., Chamikara, M. A. P., & Rudolph, C. (2019). Fuzzy Logic Application to Link National Culture and Cybersecurity Maturity. 2019 IEEE 5th International Conference on Collaboration and Internet Computing (CIC), Collaboration and Internet Computing (CIC), 2019 IEEE 5th International Conference On, 330–337. https://doi.org/10.1109/CIC48465.2019.00046
Malyuk, A., & Miloslavskaya, N. (2016). Cybersecurity culture as an element of IT professional training. 2016 Third International Conference on Digital Information Processing, Data Mining, and Wireless Communications (DIPDMWC), Digital Information Processing, Data Mining, and Wireless Communications (DIPDMWC), 2016 Third International Conference On, 205–210. https://doi.org/10.1109/DIPDMWC.2016.7529390
Da Veiga, A. (2016). A cybersecurity culture research philosophy and approach to develop a valid and reliable measuring instrument. 2016 SAI Computing Conference (SAI), SAI Computing Conference (SAI), 2016, 1006–1015. https://doi.org/10.1109/SAI.2016.7556102
Alshaikh, M. (2020). Developing cybersecurity culture to influence employee behavior: A practice perspective. Computers & Security, 98. https://doi.org/10.1016/j.cose.2020.102003
PĂTRAȘCU, P. (2019). Promoting Cybersecurity Culture through Education. ELearning & Software for Education, 2, 273–279. https://doi.org/10.12753/2066-026X-19-108
Macedo, C. A., & Menting, J. (2019). Building a Cybersecurity Culture in the Industrial Control System Environment. International Journal of Information Security & Cybercrime, 8(1), 39–44. https://doi.org/10.19107/ijisc.2019.01.05
Ioannou, M., Stavrou, E., & Bada, M. (2019). Cybersecurity Culture in Computer Security Incident Response Teams: Investigating difficulties in communication and coordination. 2019 International Conference on Cyber Security and Protection of Digital Services (Cyber Security), Cyber Security and Protection of Digital Services (Cyber Security), 2019 International Conference On, 1–4. https://doi.org/10.1109/CyberSecPODS.2019.8885240
The Levity Effect
by Adrian Gostick and Scott Christopher (2008)
For many years I’ve argued that we tend to develop our policies, processes, and practices around compliance requirements – an approach that does absolutely nothing for the individual or the organization and is completely counterproductive. The Levity Effect is one way to start seeing things through a lighter lens – one that may allow us to do a better job of connecting with the actual human beings whose behaviors we’re trying to influence.
by Jennifer Aaker and Naomi Bagdonas (2021)
This book builds on the Levity Effect by continuing to explore how we can bring elements of humor and lightness to the various business activities that we engage in – especially those relating to cybersecurity. This one even offers some lessons and insights into the process of ‘being funny’, and shows anyone how to bring their irreverence forward in a fun and mirthful way.
by David Bradford and Carole Robin (2021)
Taking a step back from the organization and embracing the personal, this book is based on the Stanford Graduate School of Business course ‘Interpersonal Dynamics’ and is rich with information that can help reframe the way that we engage people in the workplace at an individual level. Its concepts can be mined for gold and transformed into a powerful undercurrent that informs cybersecurity messaging.
…More Journal Articles (May Require Subscription Access)
Olsen, C., & Schalkle, B. L. (2020, July 1). Safely Climbing the Smarter Cities Mountain: Creating a Cybersecurity-first Culture for a Zero-trust Smarter City. Public Management, 102(7), 40.
Leenen, L., & van Vuuren, J. C. J. (2019). Framework for the Cultivation of a Military Cybersecurity Culture. Proceedings of the International Conference on Cyber Warfare & Security, 212–216.
Ghernouti-Helie, S. (2010). A National Strategy for an Effective Cybersecurity Approach and Culture. 2010 International Conference on Availability, Reliability and Security, Availability, Reliability, and Security, 2010. ARES ’10 International Conference On, 370–373. https://doi.org/10.1109/ARES.2010.119
Shires, J. (2020). Cyber-noir: Cybersecurity and popular culture. Contemporary Security Policy, 41(1), 82–107. https://doi.org/10.1080/13523260.2019.1670006
Pearlson, K., Sposito, S., Arbisman, M., & Schwartz, J. A. (2021). How Yahoo Built a Culture of Cybersecurity. Harvard Business Review Digital Articles, 1–7.
Fisher, R., Porod, C., & Peterson, S. (2021). Motivating Employees and Organizations to Adopt a Cybersecurity-Focused Culture. Journal of Organizational Psychology, 27(1), 114–131.