{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,19]],"date-time":"2025-10-19T16:15:48Z","timestamp":1760890548618,"version":"3.40.3"},"publisher-location":"Cham","reference-count":55,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031813245"},{"type":"electronic","value":"9783031813252"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-031-81325-2_22","type":"book-chapter","created":{"date-parts":[[2025,2,24]],"date-time":"2025-02-24T15:08:06Z","timestamp":1740409686000},"page":"313-324","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Towards a Three-Tiered Framework for Fostering Organizational Cybersecurity Culture"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-0442-7605","authenticated-orcid":false,"given":"Meseret Assefa","family":"Adamu","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3733-830X","authenticated-orcid":false,"given":"Marko Ilmari","family":"Niemimaa","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1950-368X","authenticated-orcid":false,"given":"Paolo","family":"Spagnoletti","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,2,25]]},"reference":[{"key":"22_CR1","doi-asserted-by":"publisher","first-page":"13369","DOI":"10.3390\/su151813369","volume":"15","author":"MF Safitra","year":"2023","unstructured":"Safitra, M.F., Lubis, M., Fakhrurroja, H.: Counterattacking cyber threats: A framework for the future of cybersecurity. Sustain. 15, 13369 (2023)","journal-title":"Sustain."},{"key":"22_CR2","doi-asserted-by":"publisher","first-page":"308","DOI":"10.1016\/S0167-4048(03)00407-3","volume":"22","author":"JM Anderson","year":"2003","unstructured":"Anderson, J.M.: Why we need a new definition of information security. Comput. Secur. 22, 308\u2013313 (2003)","journal-title":"Comput. Secur."},{"key":"22_CR3","doi-asserted-by":"publisher","DOI":"10.3390\/books978-3-0365-9645-7","volume-title":"Managing cybersecurity threats and increasing organizational resilience","author":"PR Trim","year":"2023","unstructured":"Trim, P.R., Lee, Y.-I.: Managing cybersecurity threats and increasing organizational resilience, vol. 4. MDPI, Switzerland (2023)"},{"key":"22_CR4","doi-asserted-by":"crossref","unstructured":"Da Veiga, A.: A cybersecurity culture research philosophy and approach to develop a valid and reliable measuring instrument. In: 2016 SAI Computing Conference (SAI). IEEE (2016)","DOI":"10.1109\/SAI.2016.7556102"},{"key":"22_CR5","doi-asserted-by":"publisher","first-page":"84","DOI":"10.1016\/j.procs.2023.01.267","volume":"219","author":"O Guly\u00e1s","year":"2023","unstructured":"Guly\u00e1s, O., Kiss, G.: Impact of cyber-attacks on the financial institutions. Proc. Comput. Sci. 219, 84\u201390 (2023)","journal-title":"Proc. Comput. Sci."},{"key":"22_CR6","unstructured":"Griffiths, C.: The Latest 2024 Cyber Crime Statistics. (2024). https:\/\/aag-it.com\/the-latest-cyber-crime-statistics\/"},{"key":"22_CR7","unstructured":"CISOMAG: \u201cPsychology of Human Error\u201d Could Help Businesses Prevent Security Breaches. CISOMAG (2020). https:\/\/cisomag.com\/psychology-of-human-error-could-help-businesses-prevent-security-breaches\/"},{"key":"22_CR8","volume-title":"Factors that Contributes Information Security Vulnerabilities in Public Organization","author":"NB Misheto","year":"2020","unstructured":"Misheto, N.B.: Factors that Contributes Information Security Vulnerabilities in Public Organization. Institute of Accountancy, Arusha (2020)"},{"key":"22_CR9","first-page":"1","volume":"80","author":"K Rose","year":"2015","unstructured":"Rose, K., Eldridge, S., Chapin, L.: The Internet of Things: An overview. The Internet Society (ISOC) 80, 1\u201350 (2015)","journal-title":"The Internet Society (ISOC)"},{"key":"22_CR10","doi-asserted-by":"publisher","first-page":"573","DOI":"10.3390\/jcp2030029","volume":"2","author":"WJ Triplett","year":"2022","unstructured":"Triplett, W.J.: Addressing human factors in cybersecurity leadership. J. Cybersecur. Priv. 2, 573\u2013586 (2022)","journal-title":"J. Cybersecur. Priv."},{"key":"22_CR11","doi-asserted-by":"crossref","unstructured":"Huang, K., Pearlson, K.: For what technology can\u2019t fix: Building a model of organizational cybersecurity culture. (2019)","DOI":"10.24251\/HICSS.2019.769"},{"key":"22_CR12","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-43999-6","volume-title":"Building a cybersecurity culture in organizations: How to bridge the gap between people and digital technology","author":"I Corradini","year":"2020","unstructured":"Corradini, I.: Building a cybersecurity culture in organizations: How to bridge the gap between people and digital technology. Springer Nature, Cham (2020)"},{"key":"22_CR13","first-page":"179","volume":"2","author":"MM Willie","year":"2023","unstructured":"Willie, M.M.: The Role of Organizational Culture in Cybersecurity: Building a Security-First Culture. J. Res. Innov. Technol. 2, 179\u2013198 (2023)","journal-title":"J. Res. Innov. Technol."},{"key":"22_CR14","unstructured":"Adamu, M.A.: Conceptualizing and Learning to Foster Cybersecurity Culture: A Literature Review. In: MCIS 2023 Proceedings. AIS eLibrary (2023)"},{"key":"22_CR15","volume-title":"Fostering information security culture through integrating theory and technology","author":"JF Van Niekerk","year":"2010","unstructured":"Van Niekerk, J.F.: Fostering information security culture through integrating theory and technology. Nelson Mandela Metropolitan University, South Africa (2010)"},{"key":"22_CR16","doi-asserted-by":"publisher","first-page":"145","DOI":"10.69554\/SQRM4856","volume":"4","author":"R Carver","year":"2020","unstructured":"Carver, R.: A framework for fostering a dynamic information security culture. Cyber Secur. A Peer-Rev. J. 4, 145\u2013159 (2020)","journal-title":"Cyber Secur. A Peer-Rev. J."},{"key":"22_CR17","unstructured":"Karyda, M.: Fostering information security culture in organizations: A Research Agenda (2017)"},{"key":"22_CR18","volume-title":"Engineering culture: Control and commitment in a high-tech corporation","author":"G Kunda","year":"2006","unstructured":"Kunda, G.: Engineering culture: Control and commitment in a high-tech corporation. Temple University Press, Philadelphia (2006)"},{"key":"22_CR19","unstructured":"Hall, E.T.: Beyond culture. Anchor (1976)"},{"key":"22_CR20","doi-asserted-by":"publisher","first-page":"149","DOI":"10.1177\/017084068901000202","volume":"10","author":"SC Schneider","year":"1989","unstructured":"Schneider, S.C.: Strategy formulation: The impact of national culture. Organ. Stud. 10, 149\u2013168 (1989)","journal-title":"Organ. Stud."},{"key":"22_CR21","first-page":"15","volume":"10","author":"G Hofstede","year":"1980","unstructured":"Hofstede, G.: Culture and organizations. Int. Stud. Manag. Organ. 10, 15\u201341 (1980)","journal-title":"Int. Stud. Manag. Organ."},{"key":"22_CR22","volume-title":"The corporate culture survival guide","author":"EH Schein","year":"2009","unstructured":"Schein, E.H.: The corporate culture survival guide. John Wiley & Sons, NY (2009)"},{"key":"22_CR23","volume-title":"The corporate culture survival guide: Sense and nonsense about culture change","author":"EH Schein","year":"1999","unstructured":"Schein, E.H.: The corporate culture survival guide: Sense and nonsense about culture change. Jossey-Bass, CA (1999)"},{"key":"22_CR24","volume-title":"Organizational culture and leadership","author":"EH Schein","year":"2010","unstructured":"Schein, E.H.: Organizational culture and leadership. John Wiley & Sons, NY (2010)"},{"key":"22_CR25","doi-asserted-by":"publisher","first-page":"132","DOI":"10.1201\/9781003128830-12","volume-title":"A Handbook of Theories on Designing Alignment between People and the Office Environment","author":"K Nanayakkara","year":"2021","unstructured":"Nanayakkara, K., Wilkinson, S.: Organisational Culture Theories: Dimensions of organisational culture and office layouts. In: Rianne, A.-M., Danivska, V. (eds.) A Handbook of Theories on Designing Alignment between People and the Office Environment, pp. 132\u2013147. Routledge, UK (2021)"},{"key":"22_CR26","doi-asserted-by":"publisher","first-page":"1163","DOI":"10.1016\/j.ijproman.2012.12.014","volume":"31","author":"A Wiewiora","year":"2013","unstructured":"Wiewiora, A., Trigunarsyah, B., Murphy, G., Coffey, V.: Organizational culture and willingness to share knowledge: A competing values perspective in Australian context. Int. J. Project Manage. 31, 1163\u20131174 (2013)","journal-title":"Int. J. Project Manage."},{"key":"22_CR27","volume-title":"Diagnosing and Changing Organizational Culture","author":"KS Cameron","year":"2006","unstructured":"Cameron, K.S., Quinn, R.E.: Diagnosing and Changing Organizational Culture. Jossey Bass San Francisco, CA USA (2006)"},{"key":"22_CR28","volume-title":"Culture's consequences: International differences in work-related values","author":"G Hofstede","year":"1984","unstructured":"Hofstede, G.: Culture\u2019s consequences: International differences in work-related values. Sage, USA (1984)"},{"key":"22_CR29","unstructured":"Schein, E.H.: Organizational Culture and Leadership. Wiley, (2004). https:\/\/books.google.no\/books?id=THQa4txcMl4C"},{"key":"22_CR30","doi-asserted-by":"publisher","first-page":"295","DOI":"10.1177\/0021886391273005","volume":"27","author":"SA Sackmann","year":"1991","unstructured":"Sackmann, S.A.: Uncovering culture in organizations. J. Appl. Behav. Sci. 27, 295\u2013317 (1991)","journal-title":"J. Appl. Behav. Sci."},{"key":"22_CR31","doi-asserted-by":"crossref","unstructured":"Chandler, N., Heidrich, B., Kasa, R.: Everything changes? A repeated cross-sectional study of organisational culture in the public sector. Evidence-based HRM: A Global Forum for Empirical Scholarship, vol 3. Emerald Publishing Limited (2017)","DOI":"10.1108\/EBHRM-03-2017-0018"},{"key":"22_CR32","doi-asserted-by":"publisher","first-page":"325","DOI":"10.1177\/1077727X8401200308","volume":"12","author":"LL Davis","year":"1984","unstructured":"Davis, L.L.: Clothing and human behavior: A review. Home Econ. Res. J. 12, 325\u2013339 (1984)","journal-title":"Home Econ. Res. J."},{"key":"22_CR33","volume-title":"Organizational culture: A dynamic model","author":"EH Schein","year":"1983","unstructured":"Schein, E.H.: Organizational culture: A dynamic model. Massachusetts Institute of Technology, Massachusetts (1983)"},{"key":"22_CR34","series-title":"Studies in Systems, Decision and Control","doi-asserted-by":"publisher","first-page":"63","DOI":"10.1007\/978-3-030-43999-6_4","volume-title":"Building a Cybersecurity Culture in Organizations","author":"I Corradini","year":"2020","unstructured":"Corradini, I.: Building a cybersecurity culture. In: Building a Cybersecurity Culture in Organizations. SSDC, vol. 284, pp. 63\u201386. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-43999-6_4"},{"key":"22_CR35","unstructured":"ENISA: Cyber Security Culture in Organizations. (2017). https:\/\/www.enisa.europa.eu\/"},{"key":"22_CR36","doi-asserted-by":"publisher","first-page":"196","DOI":"10.1016\/j.cose.2009.09.002","volume":"29","author":"A Da Veiga","year":"2010","unstructured":"Da Veiga, A., Eloff, J.H.: A framework and assessment instrument for information security culture. Comput. Secur. 29, 196\u2013207 (2010)","journal-title":"Comput. Secur."},{"key":"22_CR37","unstructured":"Schlienger, T., Teufel, S.: Analyzing information security culture: increased trust by an appropriate information security culture. In: 14th International Workshop on Database and Expert Systems Applications, 2003 Proceedings. IEEE (2003)"},{"key":"22_CR38","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2020.102003","volume":"98","author":"M Alshaikh","year":"2020","unstructured":"Alshaikh, M.: Developing cybersecurity culture to influence employee behavior: A practice perspective. Comput. Secur. 98, 102003 (2020)","journal-title":"Comput. Secur."},{"key":"22_CR39","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2020.101713","volume":"92","author":"A Da Veiga","year":"2020","unstructured":"Da Veiga, A., Astakhova, L.V., Botha, A., Herselman, M.: Defining organisational information security culture\u2014Perspectives from academia and industry. Comput. Secur. 92, 101713 (2020)","journal-title":"Comput. Secur."},{"key":"22_CR40","doi-asserted-by":"crossref","unstructured":"Reeg\u00e5rd, K., Blackett, C., Katta, V.: The concept of cybersecurity culture. In: 29th European Safety and Reliability Conference (2019)","DOI":"10.3850\/978-981-11-2724-3_0761-cd"},{"key":"22_CR41","doi-asserted-by":"publisher","first-page":"22","DOI":"10.3103\/S0147688214010067","volume":"41","author":"L Astakhova","year":"2014","unstructured":"Astakhova, L.: The concept of the information-security culture. Sci. Tech. Inf. Process. 41, 22\u201328 (2014)","journal-title":"Sci. Tech. Inf. Process."},{"key":"22_CR42","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2021.102387","volume":"109","author":"B Uchendu","year":"2021","unstructured":"Uchendu, B., Nurse, J.R., Bada, M., Furnell, S.: Developing a cyber security culture: Current practices and future needs. Comput. Secur. 109, 102387 (2021)","journal-title":"Comput. Secur."},{"key":"22_CR43","unstructured":"Alhogail, A., Mirza, A.: A Framework of Information Security Culture Change. Journal of Theoretical & Applied Information Technology, 64, (2014)"},{"key":"22_CR44","first-page":"452","volume":"62","author":"A Georgiadou","year":"2022","unstructured":"Georgiadou, A., Mouzakitis, S., Bounas, K., Askounis, D.: A cyber-security culture framework for assessing organization readiness. J. Comput. Inform. Syst. 62, 452\u2013462 (2022)","journal-title":"J. Comput. Inform. Syst."},{"key":"22_CR45","doi-asserted-by":"publisher","first-page":"476","DOI":"10.1016\/j.cose.2009.10.005","volume":"29","author":"J Van Niekerk","year":"2010","unstructured":"Van Niekerk, J., Von Solms, R.: Information security culture: A management perspective. Comput. Secur. 29, 476\u2013486 (2010)","journal-title":"Comput. Secur."},{"key":"22_CR46","first-page":"46","volume":"2003","author":"T Schlienger","year":"2003","unstructured":"Schlienger, T., Teufel, S.: Information security culture-from analysis to change. South African Comput. J. 2003, 46\u201352 (2003)","journal-title":"South African Comput. J."},{"key":"22_CR47","unstructured":"Zakaria, O., Jarupunphol, P., Gani, A.: Paradigm mapping for information security culture approach. In: Proceedings of the 4th Australian Conference on Information Warfare and IT Security. (2003)"},{"key":"22_CR48","doi-asserted-by":"publisher","first-page":"191","DOI":"10.1007\/978-0-387-35586-3_15","volume-title":"Security in the information society","author":"T Schlienger","year":"2002","unstructured":"Schlienger, T., Teufel, S.: Information security culture. In: Adeeb Ghonaimy, M., El-Hadidi, M.T., Aslan, H.K. (eds.) Security in the information society, pp. 191\u2013201. Springer US, Boston, MA (2002). https:\/\/doi.org\/10.1007\/978-0-387-35586-3_15"},{"key":"22_CR49","doi-asserted-by":"crossref","unstructured":"Dutton, W.H.: Fostering a cybersecurity mindset. Available at SSRN 2490010 (2014)","DOI":"10.2139\/ssrn.2490010"},{"key":"22_CR50","doi-asserted-by":"publisher","first-page":"1609","DOI":"10.1016\/j.jbusres.2013.09.007","volume":"67","author":"SJ Hogan","year":"2014","unstructured":"Hogan, S.J., Coote, L.V.: Organizational culture, innovation, and performance: A test of Schein\u2019s model. J. Bus. Res. 67, 1609\u20131621 (2014)","journal-title":"J. Bus. Res."},{"key":"22_CR51","doi-asserted-by":"publisher","DOI":"10.4324\/9781315650982","volume-title":"Multilevel analysis: Techniques and applications","author":"J Hox","year":"2017","unstructured":"Hox, J., Moerbeek, M., Van de Schoot, R.: Multilevel analysis: Techniques and applications. Routledge, UK (2017)"},{"key":"22_CR52","volume-title":"Handbook of organizational culture and climate","author":"NM Ashkanasy","year":"2000","unstructured":"Ashkanasy, N.M., Wilderom, C.P., Peterson, M.F.: Handbook of organizational culture and climate. Sage, USA (2000)"},{"key":"22_CR53","doi-asserted-by":"publisher","first-page":"50","DOI":"10.4135\/9781483307961.n4","volume-title":"The handbook of organizational culture and climate","author":"FJ Yammarino","year":"2010","unstructured":"Yammarino, F.J., Dansereau, F.: Multilevel Issues in Organizational Culture and Climate Research. In: Ashkanasy, N., Wilderom, C., Peterson, M. (eds.) The handbook of organizational culture and climate, pp. 50\u201376. SAGE Publications, Inc., 2455 Teller Road,\u00a0Thousand Oaks\u00a0California\u00a091320\u00a0United States (2010). https:\/\/doi.org\/10.4135\/9781483307961.n4"},{"key":"22_CR54","doi-asserted-by":"publisher","first-page":"285","DOI":"10.1080\/14697017.2014.886870","volume":"14","author":"P Dawson","year":"2014","unstructured":"Dawson, P.: Reflections: On time, temporality and change in organizations. J. Chang. Manag. 14, 285\u2013308 (2014)","journal-title":"J. Chang. Manag."},{"key":"22_CR55","doi-asserted-by":"publisher","first-page":"413","DOI":"10.1080\/14697017.2023.2268247","volume":"23","author":"JE Karlsen","year":"2023","unstructured":"Karlsen, J.E.: Reflections: Time and Temporality in Organizational Change-Why Bother Yet? J. Chang. Manag. 23, 413\u2013437 (2023)","journal-title":"J. Chang. Manag."}],"container-title":["Lecture Notes in Business Information Processing","Information Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-81325-2_22","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,2,24]],"date-time":"2025-02-24T15:08:17Z","timestamp":1740409697000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-81325-2_22"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9783031813245","9783031813252"],"references-count":55,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-81325-2_22","relation":{},"ISSN":["1865-1348","1865-1356"],"issn-type":[{"type":"print","value":"1865-1348"},{"type":"electronic","value":"1865-1356"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"25 February 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"EMCIS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"European, Mediterranean, and Middle Eastern Conference on Information Systems","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Athens","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Greece","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2 September 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"3 September 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"21","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"emcis2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/emcis.eu\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}