CHAPTER THREE - METHODOLOGY

CHAPTER THREE: METHODOLOGY

CHAPTER THREE: METHODOLOGY

Social Cognitive Theory (SCT) developed by Albert Bandura explains how behavior is observationally learned and influenced by environmental and cognitive factors (Bandura, 1997). Bandura proposed the Triadic Reciprocal Determinism theory, which is the basis of SCT, suggesting that behavior, cognitive factors, and environment factors are related and influence one another for a desired outcome (Bandura, 1978). Considering what has been covered in Chapters 1 and 2, a culture of cybersecurity is intended to mitigate the human problem that is commonly found within the government. SCT specifies that individual behaviors can be affected by organizational culture (Wood & Bandura, 1989). The goal is to mitigate the human problem by establishing a culture that influences individuals to behave in a secure manner (European Union Agency for Network and Information Security, 2018). In this context, the SCT will be used as a basis to guide research and collect information on the influencing factors of secure behavior so that it can be utilized to help foster a culture of cybersecurity while focusing on the relationships between 1) environmental factors, 2) cognitive factors (also known as personal factors), and 3) their mediating effect on behaviors.

Having this goal in mind, research was conducted with the utilization of Google Scholar, Pfau Library’s OneSearch, ScienceDirect, and general web searches via Google. Sources were selected and analyzed based on their relevance to the subject. The sources utilized were compiled of research articles, reports, and articles from well-known domains, companies, and authors with a credible background in cybersecurity. Research began by initially discovering how a cybersecurity culture impacts the reduction of cybersecurity risks while narrowing the results down to the general topic of policy compliance. Searches were conducted using key words such as: cybersecurity policy compliance, impact of cybersecurity culture, security awareness “compliant” behavior, social factors that increase policy compliance, cognitive factors that increase policy compliance, and analysis of cybersecurity culture.

The next step was to examine what best practices are being utilized to develop cultures of cybersecurity while also identifying what challenges may be likely to occur. To find the most relevant information for best practices and challenges, Google Scholar was utilized to find recent case studies using following key terms and limiting the publication date from 2017-2021: cybersecurity culture, creating a cybersecurity culture, and best practices to develop cybersecurity culture, challenges with cybersecurity culture, and challenges with changing culture. Two relevant case studies were yielded as a result of the search and were individually analyzed in the following chapter.

Table 2: Overview of Research Methods and Publications

CHAPTER THREE: METHODOLOGY

Table of Contents