Military Science and Tactics

Military Science and Tactics

The correct behavioral pattern of information security employees in the face of cyber security threats with the mediating role of policy and organizational culture

Document Type : Research/Original/Regular Article

Authors
mohammad bagher Raen Abromand 1
sedigheh mohammadesmaeil 2
Dariush Matlabi 3
1 Ph.D. student in Information Science and Epistemology, Islamic Azad University Research Science Unit, Tehran, Iran.
2 Associate Professor, Department of Information Science and Epistemology, Research Sciences Unit, Islamic Azad University, Tehran.Iran.
3 Associate Professor, Department of Educational Sciences, Yadgar Imam Khomeini (RA) Shahrari Unit, Islamic Azad University, Tehran, Iran.
10.22034/qjmst.2025.2010648.1941
Abstract
Objective: In this research, the effective factors on the behavior of information security employees were investigated and the role of organizational culture on the behavioral pattern of employees was determined and an optimal behavioral pattern was proposed.
Methodology: The research analyzed the factors affecting the behavioral pattern in the face of cyber security threats using a combined method, and the effect of policy and organizational culture on it was investigated with a meta-composite (sequential-exploratory) method.
Findings: First, 270 primary sources including domestic and foreign articles were screened and 83 domestic sources and 29 foreign sources were selected. From these sources, 142 indicators consisting of 5 dimensions and 17 components were extracted, then with the help of the two-stage Delphi method, the questions were evaluated and validated, and 11 indicators were removed from them, and in the quantitative stage, a questionnaire with 131 questions was created. It was prepared and information security experts answered the questionnaire.
Originality: By analyzing the data using SPSS and MATLAB software. It was found that there is a statistically significant relationship between the two characteristics of policy and organizational culture and the behavior pattern of information security experts in relation to information security policy.
Keywords
Behavioral pattern
information security
cyber threats
hybrid method
organizational culture
 
·         Ahmed, S. , & Hassan, M. (2003). Survey and case investigations on application of quality management tools and techniques in SMIs.  International Journal of Quality & Reliability Management20(7), 795-826.
·         AlHogail, A. (2015). Design and validation of information security culture framework.  Computers in human behavior, 49, 567-575.
·         Ali, R. F. , Dominic, P. D. D. , Ali, S. E. A. , Rehman, M. , & Sohail, A. (2021). Information security behavior and information security policy compliance: A systematic literature review for identifying the transformation process from noncompliance to compliance.  Applied Sciences, 11(8), 3383.
·         Alshaikh, M. (2020). Developing cybersecurity culture to influence employee behavior: A practice perspective.  Computers & Security, 98, 102003.
·         Ansari, M. F. , Sharma, P. K. , & Dash, B. (2022). Prevention of phishing attacks using AI-based Cybersecurity Awareness Training.  Prevention.
·         Chen, X. , & Tyran, C. K. (2023). A Framework for Analyzing and Improving ISP Compliance.  Journal of Computer Information Systems, 1-16.
·         Colwill, C. (2009). Human factors in information security: The insider threat–Who can you trust these days? Information security technical report, 14(4), 186-196.
·         Deal, T. & Kennedy, A. (1999). The New Corporate Cultures: Revitalizing the workplace after Downsizing, Mergers, and Reengineering. Cambridge: Basic Books, a member of the Perseus Books Group
·         Ernest Chang, S. and Lin, C. (2007), Exploring organizational culture for information security management, Industrial Management & Data Systems, Vol. 107 No. 3, pp. 438-458. https: //doi. org/10. 1108/02635570710734316
·         Fornell, C. , & Larcker, D. F. (1981). Evaluating structural equation models with unobservable variables and measurement error.  Journal of marketing research, 18(1), 39-50.
·         Karlsson, M. , Karlsson, F. , Åström, J. and Denk, T. (2022), The effect of perceived organizational culture on employees’ information security compliance, Information and Computer Security, Vol. 30 No. 3, pp. 382-401. https: //doi. org/10. 1108/ICS-06-2021-0073
·         Moti Zwilling et al. (2022). “Cyber Security Awareness, Knowledge and Behavior: A Comparative Study”, Journal of Computer Information Systems Volume 62, - Issue 1
·         Niekerk, J. v. , & Solms, R. v. (2005). A holistic framework for the fostering of an information security sub-culture in organizations. Nelson Mandela Metropolitan University.
·         Parsons, K. M. , Young, E. , Butavicius, M. A. , McCormac, A. , Pattinson, M. R. , & Jerram, C. (2015). The Influence of Organizational Information Security Culture on Information Security Decision Making. Journal of Cognitive Engineering and Decision Making, 9(2), 117–129. https: //doi. org/10. 1177/1555343415575152
·         Rahimli, Ailar. (2012). Knowledge Management and Competitive Advantage. Information and Knowledge Management. 37-43.
·         Solomon, G. and Brown, I. (2021), The influence of organisational culture and information security culture on employee compliance behaviour, Journal of Enterprise Information Management, Vol. 34 No. 4, pp. 1203-1228. https: //doi. org/10. 1108/JEIM-08-2019-0217
·         Stanton, J. , Mastrangelo, P. , Stam, K. , & Jolton, J. (2004). Behavioral information security: Two end user survey studies of motivation and security practices.
·         Tejay, G. P. , & Mohammed, Z. A. (2023). Cultivating security culture for information security success: A mixed-methods study based on anthropological perspective.  Information & Management, 60(3), 103751.
·         Xiaofen Ma, (2022) “IS professionals’ information security behaviors in Chinese IT organizations for information security protection”, Information Processing & Management.
Military Science and Tactics
Volume 21, Issue 72
Summer 2025
Pages 35-68