DEVELOPMENT OF CYBER SECURITY CULTURE AUDIT SYSTEM USING SEVEN DIMENSIONS OF ISC
DOI: https://doi.org/10.35631/JISTM.1039012
Keywords: Information Security Culture, Audit System, Cyber Security Culture
Abstract
This paper presents the design of a Cyber Security Culture Audit (CSCA) system intended to improve cybersecurity practices within organizational settings. The system is built upon seven validated dimensions that define Information Security Culture (ISC), namely: Procedural Countermeasures (PCM), Risk Management (RM), Security Education, Training, and Awareness (SETA), Top Management Commitment (TMC), Security Monitoring (MON), Information Security Knowledge (ISK), and Information Security Knowledge Sharing (ISKS). These dimensions serve as the assessment criteria, ensuring validity and trustworthiness. Implemented as a web-based platform using HTML, PHP, and MySQL, the system offers a user-friendly interface, efficient backend processing, and robust data management. Through iterative deployment and real-world feedback, the system has been refined to provide detailed evaluations of an organization's Cyber Security Culture (CSC). The results demonstrate that the CSCA system is effective in providing comprehensive insights into an organization's cybersecurity posture. This study emphasizes the significance of continuous improvement in CSC and offers a valuable tool for enterprises to strengthen their security policies and prevent cyber threats. Limitations and future work are discussed to guide further research and development in this critical area.