Volume 12, Issue 2 (9-2025)
Human Information Interaction 2025, 12(2): 0-0 |
Back to browse issues page
Download citation:
BibTeX | RIS | EndNote | Medlars | ProCite | Reference Manager | RefWorks
Send citation to:
BibTeX | RIS | EndNote | Medlars | ProCite | Reference Manager | RefWorks
Send citation to:
marzban M H, sharifzadeh R. Identifying the Human-Nonhuman Components of Information Security Culture: A Qualitative Study Based on Actor-Network Theory (ANT). Human Information Interaction 2025; 12 (2)
URL: http://hii.khu.ac.ir/article-1-3225-en.html
URL: http://hii.khu.ac.ir/article-1-3225-en.html
Abstract: (78 Views)
As information becomes one of the most important resources for companies and cyber threats get more advanced, there has been a big increase in spending on security tools. But research shows that over 90% of big security problems come from mistakes made by human. This shows that it's really important to focus on "information security culture" along with technical tools. Most traditional ideas about security culture, like those from Schein and Hofstede, are centered around human and don't take into account the role of non-human elements. This gap in understanding means we need better ways, like Actor-Network Theory, to look at how all different factors work together. This study was done to fill that gap and look at what influences security culture in a major financial organization. The research used a qualitative method and included interviews with 25 managers, experts, and users at the Central Bank of Iran, as well as field observations and document analysis. The results showed that security culture comes from the interaction of three main human groups: senior managers who make big decisions, employees who carry out daily tasks, and technical teams that turn policies into real actions. Also, five types of non-human elements were found: policies like ISO 27001, technologies such as SIEM and MFA, physical infrastructure, documents, and organizational processes. A key finding was the role of hybrid actors, like authentication systems, which mix humans and technology and affect how people behave. Compared to simple models, this study shows that building a better security culture needs a network approach that considers all the different factors. Recommendations include making security tools easier to use, training managers, and embedding security into everyday work. This approach can help financial and governance organizations that face similar challenges.
Keywords: Information security culture, actor-network theory (ANT), human actor, non-human actor, cybersecurity
Send email to the article author
| Rights and permissions | |
 | This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License. |
