Unauthorized Disclosures of Sensitive and Classified Information: A Meta-Synthesis of Leadership Support, Security Policy, and Security Education, Training and Awareness within the Federal Government Information Security Culture

Abstract

This meta-synthesis study examined federal government information security culture through the factors of leadership support, security policy, and security education, training, and awareness (SETA). The occurrence of unauthorized disclosures is a continuing and increasing problem within the federal government, and end-users are identified as the weakest link. The federal government has not only remained unsuccessful in its efforts to prevent unauthorized disclosures in previous years, it also acknowledges that this threat will persist in the future. Two subject matter experts served as raters in selecting the studies used in support of this meta-synthesis and in determining inter-rater agreement. Inter-rater reliability was achieved using the Cohen’s Kappa equation, while ATLAS.ti 8 supported the semantic coding process. Semantic coding of the 13 studies used in this research resulted in the identification of 4 networks consisting of 36 total nodes (5 - information security culture, 13 - leadership support, 7 - security policy, and 10 - SETA). A total of 398 sub-nodes were selected across the selected studies. The findings indicate that the greatest positive influences on information security culture and end-user threat-response behaviors were leadership support and SETA. However, these influences are offset by employee behavioral conflicts, inconsistent leadership involvement, varying degrees of policy awareness and non-compliance, and ineffective training. An emphasis on teamwork was noted at all levels across the federal government. There was an overwhelming consensus for tighter controls to protect information. In the area of policy, there is an admitted lack of awareness of the policies, consequences, and penalties associated with security violations.
To prevent the occurrence of future security incidents, a better understanding of information security culture within the federal government is needed to assist in further refining and implementing organizational information security programs. This study separates itself from other studies by presenting a new research model supported by a theoretical framework.
