There is an increasing focus on the persuasive approach to develop a people-centric security climate where employees are aware of the priority of security and perform conscious security behaviour proactively. Employees can evaluate the priority of security as they observe and interact with the security features that constitute the security climate of the workplace. We examined the fundamental challenge that not every employee could recognise those features. In this multi-stage research, we adopted the theoretical lens of symbolic interactionism to advance a conceptual model which explains the relationship between organisation's social networks and the formation of information security climate. A descriptive case study in Vietnam was then conducted to refine the proposed model. The findings validated and extended the dimensions of information security climate, as well as identified the relevant organisation's social networks (i.e. information, affect, and power) that lead to its formation.
Available at: http://works.bepress.com/siddhi/39/