Understanding human aspects for an effective information security management implementation.

In today’s world, information security is a trending as well as a crucial topic for both individuals and organizations. Cyber attacks cause financial loss for businesses with data breaches and production loss. Data breaches can result in loss of reputation, reduced customer loyalty, and fines.

Also due to cyber attacks, business continuity is affected so that organizations cannot provide continuous production. Therefore, organizations should reduce cyber risks by managing their information security. For this purpose, they may use ISO/IEC 27001 Information Security Management Standard. ISO/IEC 27001:2013 includes 114 controls that are in both technical and organizational level.

However, in the practice of security management, individuals’ information security behavior could be underestimated. Herein, technology alone cannot guarantee the safety of information assets in organizations, thereby a range of human aspects should be taken into consideration.

In this study, the importance of security behavior with respect to ISO/IEC 27001 information security management implementation is presented. The present study extensively analyses the data collected from a survey of 630 people. The results of reliability measures and confirmatory factor analysis support the scale of the study.