Over the past years, a large amount of studies has advanced knowledge that explains how individuals react to information security cues and why they are motivated to perform secure practices. Nevertheless, those studies predominantly set their focus on the adoption of secure practices at an individual level; therefore they were unable to analyse such adoption at the higher level. As a consequence, the formation and dissemination processes of information security perceptions were overlooked despite their importance. Understanding those processes would inform methods to distribute effectively desirable information security perceptions within the workplace, while potentially explaining why in some cases implementation of information security measures was not successful at changing the employees’ beliefs and behaviours. The first part of this paper reviews the concept of information security climate that emerge from the individual’s interactions with the work environment, which has been under researched and investigated inconsistently. The second part begins with discussing the influence mechanisms that could disseminate information security climate perceptions, then suggests the adoption of social network analysis techniques to analyse those mechanisms. As a result, the paper forwards an integrated framework about information security climate perceptions, as well as proposes a research agenda for future investigations on how those perceptions could be formed and disseminated within the workplace.
Available at: http://works.bepress.com/siddhi/37/