Understanding human aspects for an effective information security management implementation.

Burcu Kör, Bilgin Metin

Research output: Contribution to journal › Article › Academic › peer-review



In today’s world, information security is a trending and crucial topic for both individuals and organizations. Cyber attacks cause financial loss for businesses through data breaches and production loss. Data breaches can result in loss of reputation, reduced customer loyalty, and fines. Cyber attacks also affect business continuity, so that organizations cannot provide continuous production. Therefore, organizations should reduce cyber risks by managing their information security. For this purpose, they may use the ISO/IEC 27001 Information Security Management Standard. ISO/IEC 27001:2013 includes 114 controls at both the technical and organizational levels. However, in the practice of security management, individuals’ information security behavior could be underestimated. Technology alone cannot guarantee the safety of information assets in organizations, so a range of human aspects should be taken into consideration. In this study, the importance of security behavior with respect to ISO/IEC 27001 information security management implementation is presented. The present study extensively analyses the data collected from a survey of 630 people. The results of reliability measures and confirmatory factor analysis support the scale of the study.
Original language: English
Pages (from-to): 105-122
Number of pages: 18
Journal: International Journal of Applied Decision Sciences
Issue number: 2
Publication status: Published - 2021

