Communications of the IIMA


Employees, intentionally or not, cause a large percentage of security incidents. For an organization to be secure there must be a culture of information security, meaning that employees make good security-related decisions. Business intelligence (BI) systems, with their ability to promote change through goal-setting and accountability, could help create a culture of information security, if implemented appropriately. This paper provides an overview of information security culture and business intelligence, and explains what will be needed if BI is to be used to help organizations develop a security-aware culture.