Review

Information system (IS) security incidents occur, in part, because employees undermine security policy. While existing studies suggest organisational culture influences employee behaviour in ways that can comprise IS security, examining organisational culture as a single component, or investigating only one dimension of culture, can put the discipline at harm. This is because organisational culture is a conjugation of multifaceted collective beliefs that materialises in actions and artefacts. Investigating organisational culture at only its higher order level can mask dimensional effects of culture at its lower order factors. This study provides additional insight into the body of knowledge in IS security by examining organisational culture at its higher order and at its dimensions in order to investigate how these dimensions play their roles in the realm of IS security non-compliance and intentional violations.

Keywords: Organisational culture, information system security, dysfunctional behaviour.