{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,13]],"date-time":"2026-02-13T15:02:22Z","timestamp":1770994942942,"version":"3.50.1"},"reference-count":63,"publisher":"Emerald","issue":"3","license":[{"start":{"date-parts":[[2017,7,10]],"date-time":"2017-07-10T00:00:00Z","timestamp":1499644800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["ICS"],"published-print":{"date-parts":[[2017,7,10]]},"abstract":"<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Purpose<\/jats:title>\n<jats:p>The purpose of this paper is to define and delineate cyber security culture. Cyber security has been a concern for many years. In an effort to mitigate the cyber security risks, technology-centred measures were deemed to be the ultimate solution. Nowadays, however, it is accepted that the process of cyber security requires much more than mere technical controls. On the contrary, it now demands a human-centred approach, including a cyber security culture. Although the role of cultivating a culture in pursuing cyber security is well appreciated, research focusing intensely on cyber security culture is still in its infancy. Additionally, knowledge on the subject is not clearly bounded and defined.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Design\/methodology\/approach<\/jats:title>\n<jats:p>General morphological analysis (GMA) is used to define, structure and analyse the cyber security environment culture.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Findings<\/jats:title>\n<jats:p>This paper identifies the most important variables in cultivating a cyber security culture.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Research implications<\/jats:title>\n<jats:p>The delineation of the national cyber security domain will contribute to the relatively new domain of cyber security culture. They contribute to the research community by means of promoting a shared and common understanding of terms. It is a step in the right direction towards eliminating the ambiguity of domain assumptions.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Practical implications<\/jats:title>\n<jats:p>Practically, the study can assist developing nations in constructing strategies that addresses the key factors that need to be apparent in lieu to cultivating its envisaged national culture of cyber security. Additionally, the GMA will contribute to the development of solutions or means that do not overlook interrelations of such factors.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Originality\/value<\/jats:title>\n<jats:p>Delineating and defining the cyber security culture domain more precisely could greatly contribute to realizing the elements that collectively play a role in cultivating such a culture for a national perspective.<\/jats:p>\n<\/jats:sec>","DOI":"10.1108\/ics-12-2015-0046","type":"journal-article","created":{"date-parts":[[2017,5,24]],"date-time":"2017-05-24T07:32:02Z","timestamp":1495611122000},"page":"259-278","source":"Crossref","is-referenced-by-count":18,"title":["A general morphological analysis: delineating a cyber-security culture"],"prefix":"10.1108","volume":"25","author":[{"given":"Noluxolo","family":"Gcaza","sequence":"first","affiliation":[]},{"given":"Rossouw","family":"von Solms","sequence":"additional","affiliation":[]},{"given":"Marthie M.","family":"Grobler","sequence":"additional","affiliation":[]},{"given":"Joey Jansen","family":"van Vuuren","sequence":"additional","affiliation":[]}],"member":"140","reference":[{"issue":"1","key":"key2020120621003162000_ref001","first-page":"61","article-title":"Information security awareness and culture","volume":"6","year":"2012","journal-title":"British Journal of Arts and Social Sciences"},{"issue":"1","key":"key2020120621003162000_ref002","doi-asserted-by":"crossref","first-page":"22","DOI":"10.3103\/S0147688214010067","article-title":"The concept of the information-security culture","volume":"41","year":"2014","journal-title":"Scientific and Technical Information Processing"},{"key":"key2020120621003162000_ref003","unstructured":"Bada, M. and Sasse, A. (2014), \u201cCyber security awareness campaigns: why do they fail to change behaviour?\u201d, available at: http:\/\/discovery.ucl.ac.uk\/1468954\/ (accessed 1 August 2016)."},{"issue":"1","key":"key2020120621003162000_ref004","article-title":"Applying the theory of planned behaviour to predicting online safety behaviour","volume":"15","year":"2013","journal-title":"Crime Prevention & Community Safety"},{"key":"key2020120621003162000_ref005","article-title":"Cyber-security and threat politics","volume-title":"Security Studies","year":"2008"},{"key":"key2020120621003162000_ref006","article-title":"The role of user computer self-efficacy, cybersecurity countermeasures awareness, and cybersecurity skills influence on computer misuse","year":"2013"},{"key":"key2020120621003162000_ref007","first-page":"1","article-title":"E-Government and cyber security: the role of cyber security other times outside contractors are brought in to","year":"2006"},{"key":"key2020120621003162000_ref008","article-title":"A cyber security culture research philosopy and approach to develop a valid and reliable measuring instrument","year":"2016"},{"issue":"1","key":"key2020120621003162000_ref009","first-page":"147","article-title":"Information security culture \u2013 validation of an assessment instrument information security culture \u2013 validation of an assessment instrument","volume":"11","year":"2007","journal-title":"Southern African Business Review"},{"key":"key2020120621003162000_ref010","doi-asserted-by":"publisher","article-title":"Cyber security awareness initiatives in South Africa: a synergy approach","year":"2012","DOI":"10.1007\/978-3-8349-4134-3_3"},{"key":"key2020120621003162000_ref011","article-title":"Probability analysis of cyber attack paths against business and commercial enterprise systems","year":"2013"},{"key":"key2020120621003162000_ref012","article-title":"Formalizing information security knowledge","year":"2009"},{"key":"key2020120621003162000_ref013","doi-asserted-by":"crossref","first-page":"49","DOI":"10.1007\/978-3-642-01190-0_5","article-title":"Ontological mapping of information security best-practice guidelines","volume":"21","year":"2009","journal-title":"Lecture Notes in Business Information Processing"},{"issue":"9","key":"key2020120621003162000_ref014","first-page":"14","article-title":"The ultimate cybersecurity checklist for your workforce","year":"2007","journal-title":"Computer Fraud & Security"},{"issue":"7\/8","key":"key2020120621003162000_ref015","first-page":"235","article-title":"Security beliefs and barriers for novice internet users","volume":"27","year":"2008","journal-title":"Computers & Security"},{"key":"key2020120621003162000_ref016","first-page":"1","article-title":"An ontology for a national cyber-security culture environment","year":"2015"},{"key":"key2020120621003162000_ref017","first-page":"658","article-title":"An inclusive information society needs a global approach of information security","year":"2009"},{"key":"key2020120621003162000_ref018","first-page":"370","article-title":"A national strategy for an effective cybersecurity approach and culture","year":"2010"},{"key":"key2020120621003162000_ref019","doi-asserted-by":"crossref","first-page":"199","DOI":"10.1006\/knac.1993.1008","article-title":"A translation approach to portable ontology specifications by a translation approach to portable ontology specifications","volume":"5","year":"1993","journal-title":"Knowledge Acquisition"},{"key":"key2020120621003162000_ref020","doi-asserted-by":"publisher","volume-title":"A Fierce Domain: Conflict in Cyberspace, 1986 to 2012, Cyber Conflict Studies Association","year":"2013","DOI":"10.1080\/10803920.2014.976111"},{"key":"key2020120621003162000_ref021","article-title":"Understanding digital piracy using social networks","volume-title":"Social Networking as a Criminal Enterprise","year":"2014"},{"key":"key2020120621003162000_ref022","unstructured":"High-Level Experts Group (HLEG) (2008), ITU Global Cybersecurity Agenda High-Level Experts Group (HLEG) Global Strategic Report, Geneva, available at: www.cybersecurity-gateway.org\/pdf\/global_strategic_report.pdf"},{"key":"key2020120621003162000_ref023","unstructured":"International Telecommunication Union. (2008), \u201cGlobal security report\u201d, available at: www.itu.int\/osg\/csd\/cybersecurity\/gca\/global_strategic_report\/global_strategic_report.pdf"},{"key":"key2020120621003162000_ref024","author":"ISO\/IEC 27002","year":"2005"},{"key":"key2020120621003162000_B38a","author":"ISO\/IEC 27032","year":"2012"},{"issue":"9","key":"key2020120621003162000_ref025","doi-asserted-by":"crossref","first-page":"16","DOI":"10.1016\/S1353-4858(11)70097-6","article-title":"Effective corporate security and cybercrime","volume":"2011","year":"2011","journal-title":"Network Security"},{"key":"key2020120621003162000_ref026","unstructured":"Kamp, M. (2016), \u201cDeterminants of privacy protection behavior on social network sites: the role of privacy beliefs, social norms and internet skills\u201d, available at: http:\/\/essay.utwente.nl\/69826\/ (accessed 1 August 2016)."},{"issue":"26","key":"key2020120621003162000_ref027","article-title":"Effectiveness of information security awareness methods based on psychological theories","volume":"5","year":"2011","journal-title":"African Journal of Business Management"},{"key":"key2020120621003162000_ref028","volume-title":"National Cyber Security Framework Manual","year":"2012"},{"key":"key2020120621003162000_ref029","article-title":"Fostering a cyber security culture: a case of South Africa","year":"2012"},{"key":"key2020120621003162000_ref030","first-page":"839","year":"2013"},{"key":"key2020120621003162000_ref031","doi-asserted-by":"crossref","first-page":"9","DOI":"10.1109\/MSP.2005.76","article-title":"Overview of cyber security: a crisis of prioritization","volume":"3","year":"2005","journal-title":"IEEE Security and Privacy"},{"issue":"1","key":"key2020120621003162000_ref032","doi-asserted-by":"crossref","first-page":"30","DOI":"10.1054\/cein.2000.0106","article-title":"Rigour, reliability and validity in qualitative research","volume":"4","year":"2000","journal-title":"Clinical Effectiveness in Nursing"},{"issue":"3","key":"key2020120621003162000_ref033","first-page":"253","article-title":"Concepts, structures, and goals: redefining ill-definednes","volume":"19","year":"2009","journal-title":"International Journal of Artificial Intelligence in Education"},{"key":"key2020120621003162000_ref034","volume-title":"The Art of Deception: Controlling the Human Element of Security","year":"2002"},{"key":"key2020120621003162000_ref035","first-page":"34","article-title":"Issues of validity and reliability in qualitative research","volume-title":"Evidence-Based Nursing","year":"2015"},{"key":"key2020120621003162000_ref036","unstructured":"Noy, N.F. and Mcguinness, D.L. (2001), \u201cOntology development 101: a guide to creating your first ontology\u201d, available at: http:\/\/protege.stanford.edu\/publications\/ontology_development\/ontology101.pdf"},{"key":"key2020120621003162000_ref037","first-page":"597","article-title":"Leveraging behavioral science to mitigate cyber security risk","volume-title":"Computers & Security","year":"2012"},{"key":"key2020120621003162000_ref038","volume-title":"Tools for Thinking; Modelling in Management Science","year":"2003","edition":"2nd"},{"key":"key2020120621003162000_ref039","first-page":"174","article-title":"Towards an education campaign for fostering a societal, cyber security culture","year":"2014"},{"key":"key2020120621003162000_ref040","first-page":"1","article-title":"From information security to cyber security cultures organizations to societies","year":"2014"},{"key":"key2020120621003162000_ref041","article-title":"From information security to cyber security cultures organizations to societies from information security to cyber security cultures organizations to societies","year":"2014"},{"key":"key2020120621003162000_ref042","volume-title":"Cognition and Thought: An Information Processing Approach","year":"1965"},{"key":"key2020120621003162000_ref043","article-title":"Understanding the influence of cybercrime risk on the e-service adoption of European Internet users","year":"2014"},{"key":"key2020120621003162000_ref044","article-title":"Measuring the influence of perceived cybercrime risk on online service avoidance","year":"2016"},{"key":"key2020120621003162000_ref045","article-title":"Fritz Zwicky, morphologie and policy analysis","year":"1998"},{"issue":"7","key":"key2020120621003162000_ref046","doi-asserted-by":"crossref","first-page":"792","DOI":"10.1057\/palgrave.jors.2602177","article-title":"Problem structuring using computer-aided morphological analysis","volume":"57","year":"2006","journal-title":"Journal of the Operational Research Society"},{"key":"key2020120621003162000_ref047","volume-title":"Futures Studies using Morphological Analysis","year":"2009"},{"key":"key2020120621003162000_ref048","first-page":"7","article-title":"General morphological analysis (GMA)","volume-title":"Wicked Problems - Social Messes Decision Support Modelling with Morphological Analysis","year":"2011"},{"key":"key2020120621003162000_ref049","doi-asserted-by":"crossref","first-page":"111","DOI":"10.1016\/j.cose.2014.03.008","article-title":"Nothing ventured, nothing gained. Profiles of online activity, cyber-crime exposure, and security measures of end-users in european union","volume":"43","year":"2014","journal-title":"Computers & Security"},{"key":"key2020120621003162000_ref050","volume-title":"Draft National Cybersecurity Policy Framework for South Africa","author":"SA Government Gazette","year":"2011"},{"issue":"2","key":"key2020120621003162000_ref051","article-title":"Rigor or rigor mortis: the problem of rigor in qualitative research revisited","volume":"16","year":"1993","journal-title":"Advances in Nursing Science"},{"key":"key2020120621003162000_ref052","first-page":"191","article-title":"Information security culture \u2013 from analysis to change","volume-title":"Security in the Information Society","year":"2002"},{"key":"key2020120621003162000_ref053","doi-asserted-by":"crossref","first-page":"181","DOI":"10.1016\/0004-3702(73)90011-8","article-title":"The structure of ill-structured problems","volume":"4","year":"1973","journal-title":"Artificial Intelligence"},{"key":"key2020120621003162000_ref054","article-title":"Morphological analysis project list","volume-title":"General Morphological Analysis","author":"Swedish Morphological Society","year":"2016"},{"key":"key2020120621003162000_B36a","volume-title":"Cyberspace Policy Review","author":"The White House","year":"2009"},{"issue":"10","key":"key2020120621003162000_ref055","first-page":"7","article-title":"Cultivating an organizational information security culture","year":"2006","journal-title":"Computer Fraud & Security"},{"key":"key2020120621003162000_ref056","volume-title":"How Experts Reason During Modeling an Ill-Defined Task","year":"2007"},{"key":"key2020120621003162000_ref057","first-page":"1","article-title":"From information security to cyber security","volume-title":"Computers & Security","year":"2013"},{"issue":"3","key":"key2020120621003162000_ref058","first-page":"321","article-title":"Toulmin\u2019s model and the solving of ill-structured problems","volume":"19","year":"2006","journal-title":"Argumentation"},{"issue":"1983","key":"key2020120621003162000_ref059","first-page":"165","article-title":"Problem-solving skill in the social sciences","volume":"17","year":"1983","journal-title":"Problem-Solving Skill in the Social Sciences"},{"key":"key2020120621003162000_ref060","unstructured":"Virginia Tech (2011), \u201cWhen users resist\u201d, Pamplin: College of Business Magazine, available at: www.magazine.pamplin.vt.edu\/fall11\/passwordsecurity.html"},{"key":"key2020120621003162000_ref061","doi-asserted-by":"crossref","first-page":"781","DOI":"10.1080\/02684527.2012.708530","article-title":"Cybersecurity: a pre-history","volume":"27","year":"2012","journal-title":"Intelligence and National Security"}],"container-title":["Information &amp; Computer Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-12-2015-0046\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-12-2015-0046\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,25]],"date-time":"2025-07-25T01:23:25Z","timestamp":1753406605000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ics\/article\/25\/3\/259-278\/106072"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,7,10]]},"references-count":63,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2017,7,10]]}},"alternative-id":["10.1108\/ICS-12-2015-0046"],"URL":"https:\/\/doi.org\/10.1108\/ics-12-2015-0046","relation":{},"ISSN":["2056-4961"],"issn-type":[{"value":"2056-4961","type":"print"}],"subject":[],"published":{"date-parts":[[2017,7,10]]}}}