{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,14]],"date-time":"2026-04-14T16:12:06Z","timestamp":1776183126125,"version":"3.50.1"},"publisher-location":"Cham","reference-count":42,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783031121715","type":"print"},{"value":"9783031121722","type":"electronic"}],"license":[{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022]]},"DOI":"10.1007\/978-3-031-12172-2_11","type":"book-chapter","created":{"date-parts":[[2022,7,21]],"date-time":"2022-07-21T14:14:51Z","timestamp":1658412891000},"page":"133-146","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["Security Culture in Industrial Control Systems Organisations: A Literature Review"],"prefix":"10.1007","author":[{"given":"Stefanos","family":"Evripidou","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Uchenna D.","family":"Ani","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jeremy","family":"D McK. Watson","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Stephen","family":"Hailes","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2022,7,22]]},"reference":[{"issue":"1","key":"11_CR1","doi-asserted-by":"publisher","first-page":"2","DOI":"10.1108\/JSIT-02-2018-0028","volume":"21","author":"UD Ani","year":"2019","unstructured":"Ani, U.D., He, H., Tiwari, A.: Human factor security: evaluating the cybersecurity capacity of the industrial workforce. J. Syst. Info. Tech. 21(1), 2\u201335 (2019). https:\/\/doi.org\/10.1108\/JSIT-02-2018-0028","journal-title":"J. Syst. Info. Tech."},{"key":"11_CR2","unstructured":"Critical Infrastructure Sectors | CISA: https:\/\/www.cisa.gov\/critical-infrastructure-sectors . Accessed 27 Nov 2021"},{"key":"11_CR3","doi-asserted-by":"publisher","unstructured":"Ani, U.P.D., He, H., Tiwari, A.: Review of cybersecurity issues in industrial critical infrastructure: manufacturing in perspective. J. Cyber Security Technol. 1(1), 32\u201374 (2017). https:\/\/doi.org\/10.1080\/23742917.2016.1252211.","DOI":"10.1080\/23742917.2016.1252211"},{"issue":"6","key":"11_CR4","doi-asserted-by":"publisher","first-page":"479","DOI":"10.1080\/14639220701635470","volume":"9","author":"GH Walker","year":"2008","unstructured":"Walker, G.H., Stanton, N.A., Salmon, P.M., Jenkins, D.P.: A review of sociotechnical systems theory: a classic concept for new command and control paradigms. Theor. Issues Ergon. Sci. 9(6), 479\u2013499 (2008). https:\/\/doi.org\/10.1080\/14639220701635470","journal-title":"Theor. Issues Ergon. Sci."},{"key":"11_CR5","doi-asserted-by":"publisher","unstructured":"Suaboot, J., et al.: A taxonomy of supervised learning for IDSs in SCADA environments. ACM Comput. Surv. 53(2), 40:1\u201340:37 (2020). https:\/\/doi.org\/10.1145\/3379499","DOI":"10.1145\/3379499"},{"key":"11_CR6","doi-asserted-by":"publisher","unstructured":"Qassim, Q.S., Jamil, N., Daud, M., Patel, A., Ja\u2019affar, N.: A review of security assessment methodologies in industrial control systems. ICS 27(1), 47\u201361 (2019). https:\/\/doi.org\/10.1108\/ICS-04-2018-0048","DOI":"10.1108\/ICS-04-2018-0048"},{"key":"11_CR7","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.cose.2015.09.009","volume":"56","author":"Y Cherdantseva","year":"2016","unstructured":"Cherdantseva, Y., et al.: A review of cyber security risk assessment methods for SCADA systems. Comput. Secur. 56, 1\u201327 (2016). https:\/\/doi.org\/10.1016\/j.cose.2015.09.009","journal-title":"Comput. Secur."},{"key":"11_CR8","doi-asserted-by":"crossref","unstructured":"SANS 2019 State of OT\/ICS Cybersecurity Survey | SANS Institute. https:\/\/www.sans.org\/white-papers\/38995\/. Accessed 23 Jul 2021","DOI":"10.1016\/S1361-3723(21)00093-2"},{"key":"11_CR9","unstructured":"APT attacks on industrial organizations in H1 2021 | Kaspersky ICS CERT: Kaspersky ICS CERT | Kaspersky Industrial Control Systems Cyber Emergency Response Team, 26 Oct 2021. https:\/\/ics-cert.kaspersky.com\/reports\/2021\/10\/26\/apt-attacks-on-industrial-organizations-in-h1-2021\/. Accessed 27 Nov 2021"},{"key":"11_CR10","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijcip.2021.100464","volume":"35","author":"T Miller","year":"2021","unstructured":"Miller, T., Staves, A., Maesschalck, S., Sturdee, M., Green, B.: Looking back to look forward: lessons learnt from cyber-attacks on industrial control systems. Int. J. Crit. Infrastruct. Prot. 35, 100464 (2021). https:\/\/doi.org\/10.1016\/j.ijcip.2021.100464","journal-title":"Int. J. Crit. Infrastruct. Prot."},{"key":"11_CR11","unstructured":"Florida Hack Exposes Danger to Water Systems | The Pew Charitable Trusts. https:\/\/www.pewtrusts.org\/en\/research-and-analysis\/blogs\/stateline\/2021\/03\/10\/florida-hack-exposes-danger-to-water-systems. Accessed 2 Aug 2021"},{"key":"11_CR12","unstructured":"ENISA: Cyber Security Culture in organisations. https:\/\/www.enisa.europa.eu\/publications\/cyber-security-culture-in-organisations. Accessed 31 May 2021"},{"key":"11_CR13","unstructured":"NCSC: A positive security culture. https:\/\/www.ncsc.gov.uk\/collection\/you-shape-security\/a-positive-security-culture. Accessed 27 Nov 2021"},{"key":"11_CR14","unstructured":"DCMS: Water Sector Cyber Security Strategy, p. 12"},{"key":"11_CR15","doi-asserted-by":"publisher","unstructured":"Frey, S., Rashid, A., Zanutto, A., Busby, J., Follis, K.: On the role of latent design conditions in cyber-physical systems security. In: 2016 IEEE\/ACM 2nd International Workshop on Software Engineering for Smart Cyber-Physical Systems (SEsCPS), May 2016, pp. 43\u201346. https:\/\/doi.org\/10.1109\/SEsCPS.2016.015.","DOI":"10.1109\/SEsCPS.2016.015"},{"key":"11_CR16","doi-asserted-by":"publisher","DOI":"10.3850\/978-981-11-2724-3_0761-cd","author":"K Reeg\u00e5rd","year":"2019","unstructured":"Reeg\u00e5rd, K., Blackett, C., Katta, V.: The concept of cybersecurity. Culture (2019). https:\/\/doi.org\/10.3850\/978-981-11-2724-3_0761-cd","journal-title":"Culture"},{"issue":"1","key":"11_CR17","doi-asserted-by":"publisher","first-page":"56","DOI":"10.1016\/j.cose.2006.10.008","volume":"26","author":"AB Ruighaver","year":"2007","unstructured":"Ruighaver, A.B., Maynard, S.B., Chang, S.: Organisational security culture: extending the end-user perspective. Comput. Secur. 26(1), 56\u201362 (2007). https:\/\/doi.org\/10.1016\/j.cose.2006.10.008","journal-title":"Comput. Secur."},{"key":"11_CR18","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2020.101713","volume":"92","author":"A da Veiga","year":"2020","unstructured":"da Veiga, A., Astakhova, L.V., Botha, A., Herselman, M.: Defining organisational information security culture\u2014Perspectives from academia and industry. Comput. Secur. 92, 101713 (2020). https:\/\/doi.org\/10.1016\/j.cose.2020.101713","journal-title":"Comput. Secur."},{"key":"11_CR19","doi-asserted-by":"publisher","unstructured":"Gcaza, N., Solms, R.: Cybersecurity culture: an ill-defined problem, p. 109 (2017). https:\/\/doi.org\/10.1007\/978-3-319-58553-6_9","DOI":"10.1007\/978-3-319-58553-6_9"},{"key":"11_CR20","doi-asserted-by":"publisher","unstructured":"Glaspie, H.W., Karwowski, W.: Human factors in information security culture: a literature review. In: Advances in Human Factors in Cybersecurity, Cham, pp. 269\u2013280 (2018). https:\/\/doi.org\/10.1007\/978-3-319-60585-2_25","DOI":"10.1007\/978-3-319-60585-2_25"},{"key":"11_CR21","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2021.102387","volume":"109","author":"B Uchendu","year":"2021","unstructured":"Uchendu, B., Nurse, J.R.C., Bada, M., Furnell, S.: Developing a cyber security culture: current practices and future needs. Comput. Secur. 109, 102387 (2021). https:\/\/doi.org\/10.1016\/j.cose.2021.102387","journal-title":"Comput. Secur."},{"issue":"3","key":"11_CR22","doi-asserted-by":"publisher","first-page":"18","DOI":"10.1080\/15536548.2005.10855772","volume":"1","author":"M Chan","year":"2005","unstructured":"Chan, M., Woon, I., Kankanhalli, A.: Perceptions of information security in the workplace: linking information security climate to compliant behavior. J. Inf. Priv. Secur. 1(3), 18\u201341 (2005). https:\/\/doi.org\/10.1080\/15536548.2005.10855772","journal-title":"J. Inf. Priv. Secur."},{"key":"11_CR23","doi-asserted-by":"publisher","unstructured":"Beautement, A., Sasse, A., Wonham, M.: The compliance budget: managing security behaviour in organisations, Jan 2008. https:\/\/doi.org\/10.1145\/1595676.1595684","DOI":"10.1145\/1595676.1595684"},{"key":"11_CR24","doi-asserted-by":"publisher","first-page":"12","DOI":"10.1016\/j.jisa.2018.11.003","volume":"44","author":"A Nasir","year":"2019","unstructured":"Nasir, A., Arshah, R.A., Hamid, M.R.A., Fahmy, S.: An analysis on the dimensions of information security culture concept: a review. J. Inf. Secur. Appl. 44, 12\u201322 (2019). https:\/\/doi.org\/10.1016\/j.jisa.2018.11.003","journal-title":"J. Inf. Secur. Appl."},{"key":"11_CR25","doi-asserted-by":"publisher","first-page":"181","DOI":"10.28945\/479","volume":"9","author":"Y Levy","year":"2006","unstructured":"Levy, Y., Ellis, T.J.: A systems approach to conduct an effective literature review in support of information systems research. InformingSciJ 9, 181\u2013212 (2006). https:\/\/doi.org\/10.28945\/479","journal-title":"InformingSciJ"},{"key":"11_CR26","doi-asserted-by":"publisher","unstructured":"Green, B., Prince, D., Roedig, U., Busby, J., Hutchison, D.: Socio-technical security analysis of Industrial Control Systems (ICS). In: Presented at the 2nd International Symposium for ICS & SCADA Cyber Security Research 2014, Sep 2014. https:\/\/doi.org\/10.14236\/ewic\/ics-csr2014.2","DOI":"10.14236\/ewic\/ics-csr2014.2"},{"key":"11_CR27","doi-asserted-by":"publisher","unstructured":"Madnick, S., et al.: Measuring stakeholders\u2019 perceptions of cybersecurity for renewable energy systems. In: Data Analytics for Renewable Energy Integration, Cham, 2017, pp. 67\u201377. https:\/\/doi.org\/10.1007\/978-3-319-50947-1_7","DOI":"10.1007\/978-3-319-50947-1_7"},{"key":"11_CR28","unstructured":"Zanutto, A., Shreeve, B., Follis, K., Busby, J., Rashid, A.: The Shadow Warriors: in the no man\u2019s land between industrial control systems and enterprise IT systems, p. 6 (2017)"},{"key":"11_CR29","doi-asserted-by":"publisher","unstructured":"Michalec, O., Milyaeva, S., Rashid, A.: Reconfiguring governance: how cyber security regulations are reconfiguring water governance. Regul. Gov. https:\/\/doi.org\/10.1111\/rego.12423.","DOI":"10.1111\/rego.12423"},{"key":"11_CR30","doi-asserted-by":"publisher","unstructured":"Shapira, N., Ayalon, O., Ostfeld, A., Farber, Y., Housh, M.: Cybersecurity in water sector: stakeholders perspective. J. Water Resour. Plann. Manage. 147(8), (ASCE)WR.1943-5452.0001400, 05021008 (2021). https:\/\/doi.org\/10.1061\/(ASCE)WR.1943-5452.0001400","DOI":"10.1061\/(ASCE)WR.1943-5452.0001400"},{"key":"11_CR31","doi-asserted-by":"publisher","unstructured":"Skotnes, R.: Division of cyber safety and security responsibilities between control system owners and suppliers. In: Critical Infrastructure Protection X, Cham, 2016, pp. 131\u2013146. https:\/\/doi.org\/10.1007\/978-3-319-48737-3_8","DOI":"10.1007\/978-3-319-48737-3_8"},{"key":"11_CR32","doi-asserted-by":"crossref","unstructured":"N\u00e6vestad, T.O., Meyer, S.F., Honerud, J.H.: Organizational information security culture in critical infrastructure: developing and testing a scale and its relationships to other measures of information security. In: Safety and Reliability \u2013 Safe Societies in a Changing World. CRC Press (2018)","DOI":"10.1201\/9781351174664-379"},{"key":"11_CR33","doi-asserted-by":"crossref","unstructured":"N\u00e6vestad, T.O., Honerud, J.H., Meyer, S.F.: How can we explain improvements in organizational information security culture in an organization providing critical infrastructure? In: Safety and Reliability \u2013 Safe Societies in a Changing World. CRC Press (2018)","DOI":"10.1201\/9781351174664-380"},{"key":"11_CR34","doi-asserted-by":"publisher","unstructured":"Piggin, R.S.H., Boyes, H.A.: Safety and security \u2014 a story of interdependence. In: 10th IET System Safety and Cyber-Security Conference 2015, Oct 2015, pp. 1\u20136. https:\/\/doi.org\/10.1049\/cp.2015.0292","DOI":"10.1049\/cp.2015.0292"},{"key":"11_CR35","unstructured":"Dewey, K., Foster, G., Hobbs, C., Salisbury, D.D.: Nuclear security culture in practice, p. 46 (2021)"},{"key":"11_CR36","unstructured":"Beautement, A., Becker, I., Parkin, S., Krol, K., Sasse, A.: Productive security: a scalable methodology for analysing employee security behaviours, pp. 253\u2013270 (2016) [Online]. Available: https:\/\/www.usenix.org\/conference\/soups2016\/technical-sessions\/presentation\/beautement"},{"issue":"2","key":"11_CR37","doi-asserted-by":"publisher","first-page":"139","DOI":"10.1108\/ICS-12-2015-0048","volume":"24","author":"A Da Veiga","year":"2016","unstructured":"Da Veiga, A.: Comparing the information security culture of employees who had read the information security policy and those who had not: Illustrated through an empirical study. Inf. Comput. Secur. 24(2), 139\u2013151 (2016). https:\/\/doi.org\/10.1108\/ICS-12-2015-0048","journal-title":"Inf. Comput. Secur."},{"key":"11_CR38","doi-asserted-by":"publisher","unstructured":"Tuptuk, N., Hazell, P., Watson, J., Hailes, S.: A systematic review of the state of cyber-security in water systems. Water 13(1) 1 (2021). https:\/\/doi.org\/10.3390\/w13010081","DOI":"10.3390\/w13010081"},{"key":"11_CR39","unstructured":"IAEA: Nuclear Security Culture (2008). https:\/\/www.iaea.org\/publications\/7977\/nuclear-security-culture. Accessed 27 Nov 2021"},{"key":"11_CR40","unstructured":"IAEA: Self-assessment of nuclear security culture in facilities and activities (2017). https:\/\/www.iaea.org\/publications\/10983\/self-assessment-of-nuclear-security-culture-in-facilities-and-activities. Accessed 27 Nov 2021"},{"key":"11_CR41","doi-asserted-by":"publisher","unstructured":"Ocloo, C.M., da Veiga, A., Kroeze, J.: A conceptual information security culture framework for higher learning institutions. In: Human Aspects of Information Security and Assurance, pp. 63\u201380, Cham, 2021. https:\/\/doi.org\/10.1007\/978-3-030-81111-2_6","DOI":"10.1007\/978-3-030-81111-2_6"},{"key":"11_CR42","doi-asserted-by":"publisher","unstructured":"Kirlappos, I., Parkin, S., Sasse, A.: Learning from \u201cshadow security:\u201d why understanding non-compliant behaviors provides the basis for effective security, Feb 2014. https:\/\/doi.org\/10.14722\/usec.2014.23007","DOI":"10.14722\/usec.2014.23007"}],"container-title":["IFIP Advances in Information and Communication Technology","Human Aspects of Information Security and Assurance"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-12172-2_11","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,8,1]],"date-time":"2022-08-01T01:18:42Z","timestamp":1659316722000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-12172-2_11"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022]]},"ISBN":["9783031121715","9783031121722"],"references-count":42,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-12172-2_11","relation":{},"ISSN":["1868-4238","1868-422X"],"issn-type":[{"value":"1868-4238","type":"print"},{"value":"1868-422X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022]]},"assertion":[{"value":"22 July 2022","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"HAISA","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Symposium on Human Aspects of Information Security and Assurance","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Mytilene, Lesbos","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Greece","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2022","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"6 July 2022","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"8 July 2022","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"16","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"haisa2022","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/haisa.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"30","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"25","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"83% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"2.66","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"No","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}