Purpose – The purpose of this paper is to investigate the impact of culture on information security in a developing country’s view.
Design/methodology/approach – Two questionnaires adopted from the GLOBE project and OCAI were used to collect quantitative data on national and organisational culture. Also, a face to face semi-structured interview was used to get insight into deep-rooted issues concerning information security in the study environment. In addition, a previous study was used to find correlation of the data in this study.
Findings – The findings show that national culture has more influence than organisation culture on information security. We find that the dimensions that influence information security are Power Distance, Uncertainty Avoidance, In-Group Collectivism, and Future Orientation.
Research limitations/implications – This research was conducted in a public sector environment with employees thereby limiting external validity. Also, the population of the survey was small to make a generalisation of the findings. Also, the length of the questionnaire and complexity of questions put off many potential respondents.
Practical implications – Culture has impact on information security implementation and therefore the results imply that some consideration should be given when implementing information security models.
Originality/value – This study is important because it empirically correlates information security with cultural dimensions in a developing country’s environment.