Resources


Recommended Reading


 

Research Article:

For What Technology Can’t Fix:
Building a Model of Organizational Cybersecurity Culture

Huang and Pearlson, 2019

Link (external .pdf)

 

Research Study:

Building a Model of Organizational
Cybersecurity Culture: Identifying Factors Contributing to a Cyber-secure Workplace

Huang and Pearlson, 2019

Link (external .pdf)

 

Whitepaper:

Building a Security Propaganda Machine: The Cybersecurity Culture of Verizon Media

Pearlson et al., 2021

Link (external .pdf)

The Power of Habit

by Charles Duhigg (2014)

A great starting point for understanding habit formation and behavioral change dynamics.  It also addresses the role of habits within a business setting – and how those habits become a corporate culture.

Buy from Amazon

Atomic Habits

by James Clear (2018)

This book continues on with the themes of habit formation and behavioral change.  It adds additional supporting evidence drawing from biology, psychology, and neuroscience to paint a clearer picture of what it really takes to facilitate behavioral shifts.

Buy from Amazon

Tiny Habits

by BJ Fogg (2021)

This book continues on with the themes of habit formation and behavioral change.  It brings a dimension of simplicity to the domain of behaviorism that fosters a greater level of likelihood in making lasting changes that continue to evolve over time – one bite of the elephant at a time. 

Buy from Amazon


…More Journal Articles (May Require Subscription Access)


Jeong, J. J., Oliver, G., Kang, E., Creese, S., & Thomas, P. (2021). The current state of research on people, culture and cybersecurity. Personal & Ubiquitous Computing, 25(5), 809–812. https://doi.org/10.1007/s00779-021-01591-8

Jeong, J. J., Grobler, M., Chamikara, M. A. P., & Rudolph, C. (2019). Fuzzy Logic Application to Link National Culture and Cybersecurity Maturity. 2019 IEEE 5th International Conference on Collaboration and Internet Computing (CIC), Collaboration and Internet Computing (CIC), 2019 IEEE 5th International Conference On, 330–337. https://doi.org/10.1109/CIC48465.2019.00046

 

Malyuk, A., & Miloslavskaya, N. (2016). Cybersecurity culture as an element of IT professional training. 2016 Third International Conference on Digital Information Processing, Data Mining, and Wireless Communications (DIPDMWC), Digital Information Processing, Data Mining, and Wireless Communications (DIPDMWC), 2016 Third International Conference On, 205–210. https://doi.org/10.1109/DIPDMWC.2016.7529390

Da Veiga, A. (2016). A cybersecurity culture research philosophy and approach to develop a valid and reliable measuring instrument. 2016 SAI Computing Conference (SAI), SAI Computing Conference (SAI), 2016, 1006–1015. https://doi.org/10.1109/SAI.2016.7556102

Alshaikh, M. (2020). Developing cybersecurity culture to influence employee behavior: A practice perspective. Computers & Security, 98. https://doi.org/10.1016/j.cose.2020.102003

PĂTRAȘCU, P. (2019). Promoting Cybersecurity Culture through Education. ELearning & Software for Education, 2, 273–279. https://doi.org/10.12753/2066-026X-19-108

Macedo, C. A., & Menting, J. (2019). Building a Cybersecurity Culture in the Industrial Control System Environment. International Journal of Information Security & Cybercrime, 8(1), 39–44. https://doi.org/10.19107/ijisc.2019.01.05

Ioannou, M., Stavrou, E., & Bada, M. (2019). Cybersecurity Culture in Computer Security Incident Response Teams: Investigating difficulties in communication and coordination. 2019 International Conference on Cyber Security and Protection of Digital Services (Cyber Security), Cyber Security and Protection of Digital Services (Cyber Security), 2019 International Conference On, 1–4. https://doi.org/10.1109/CyberSecPODS.2019.8885240


The Levity Effect

by Adrian Gostick and Scott Christopher (2008)

For many years I’ve argued that we tend to develop our policies, processes, and practices around compliance requirements – an approach that does absolutely nothing for the individual or the organization and is completely counterproductive.  The Levity Effect is one way to start seeing things through a lighter lens – one that may allow us to do a better job of connecting with the actual human beings whose behaviors we’re trying to influence. 

Buy from Amazon

Humor, Seriously

by Jennifer Aaker and Naomi Bagdonas (2021)

This book builds on the Levity Effect by continuing to explore how we can bring elements of humor and lightness to the various business activities that we engage in – especially those relating to cybersecurity.  This one even offers some lessons and insights into the process of ‘being funny’, and shows anyone how to bring their irreverence forward in a fun and mirthful way. 

Buy from Amazon

Connect

by David Bradford and Carole Robin (2021)

Taking a step back from the organization and embracing the personal, this book is based on the Stanford Graduate School of Business course ‘Interpersonal Dynamics’ and is rich with information that can help reframe the way that we engage people in the workplace at an individual level.  Its concepts can be mined for gold and transformed into a powerful undercurrent that informs cybersecurity messaging. 

Buy from Amazon


…More Journal Articles (May Require Subscription Access)


Olsen, C., & Schalkle, B. L. (2020, July 1). Safely Climbing the Smarter Cities Mountain: Creating a Cybersecurity-first Culture for a Zero-trust Smarter City. Public Management, 102(7), 40. 

Leenen, L., & van Vuuren, J. C. J. (2019). Framework for the Cultivation of a Military Cybersecurity Culture. Proceedings of the International Conference on Cyber Warfare & Security, 212–216.

Ghernouti-Helie, S. (2010). A National Strategy for an Effective Cybersecurity Approach and Culture. 2010 International Conference on Availability, Reliability and Security, Availability, Reliability, and Security, 2010. ARES ’10 International Conference On, 370–373. https://doi.org/10.1109/ARES.2010.119

Shires, J. (2020). Cyber-noir: Cybersecurity and popular culture. Contemporary Security Policy, 41(1), 82–107. https://doi.org/10.1080/13523260.2019.1670006

Pearlson, K., Sposito, S., Arbisman, M., & Schwartz, J. A. (2021). How Yahoo Built a Culture of Cybersecurity. Harvard Business Review Digital Articles, 1–7.

Fisher, R., Porod, C., & Peterson, S. (2021). Motivating Employees and Organizations to Adopt a Cybersecurity-Focused Culture. Journal of Organizational Psychology, 27(1), 114–131.