Exploring the Role of Team Security Climate in the Implementation of Security by Design: A Case Study in the Defense Sector

Micha Prudjinski, Irit Hadar, Gil Luria

Research output: Contribution to journal, Article, peer-review

Abstract

The rapid diffusion of software systems into all aspects of human life has exacerbated security threats and thus amplified the requirement for proactive approaches for designing security as a default. Following evidence from previous studies, indicating organizational climate as a key influencer on developers' security mindsets and behaviors, this study was focused on examining the relationship between team security climate level and developers' actual practices when addressing security threats during software development. The empirical study was conducted in a defense software development organization and included a survey questionnaire completed by 212 developers from 50 software teams. The results were compared to managers' evaluations regarding the implementation level of security mechanisms in the teams' development. The findings indicate a positive relationship between team security climate level and the implementation level of security mechanisms in the teams' software development and that team productivity climate moderates this relationship. The results also reveal that team security climate mediates the association between manager-developer relationships and the implementation level of security mechanisms in software development. The study provides support to organizational climate theory and to the specific scale of organizational security climate, demonstrating the predictive validity of this scale, and sheds light on the influence of leadership and competitive facets on security engineering.

Original language: English
Pages (from-to): 1065-1079
Number of pages: 15
Journal: IEEE Transactions on Software Engineering
Volume: 50
Issue number: 5
State: Published - 1 May 2024

Bibliographical note

Publisher Copyright:
© 1976-2012 IEEE.

Keywords

  • Security and privacy protection
  • organizational climate
  • security by design
  • team climate

ASJC Scopus subject areas

  • Software
