Enhancing the Organisational Culture related to Cyber Security during the University Digital Transformation
Source:
Information & Security: An International Journal,Abstract:
The digital transformation (digitalisation) becomes an important item in strategies and plans for development and improvement of higher education. The implementation of new approaches in education, new ways of information sharing and group work are expected to improve and transform all processes and services within the higher education institutions. The digital transformation should not underestimate the security aspects of ICT use and specific Cyber Security Culture (CSC), part of the wider organisational culture should be directed, shaped and supported. CSC of organizations refers to the knowledge, beliefs, perceptions, attitudes, assumptions, norms and values of people regarding cybersecurity and how they are manifested in people’s behaviour with information technologies. The attitude towards security measures in academic organisations is usually oriented towards free and open sharing of information and knowledge. This positive direction has to be maintained and preserved, but also to be changed and adapted to current threats and security environment. The balance between openness and security has to be analysed, rationally implemented, and monitored through establishment of organisational programme dedicated to CSC as a measure to influence the human factor in cybersecurity.
This article presents best practices of universities’ digitalisation from the cyber security and CRC point of view. ENISA’s CSC development guidance was used as the main tool for developing the general CSC programme for universities. The required changes of CSC and possible programme implementation are considered based on cases from several Bulgarian universities.