Abstract
<jats:p>The rapid expansion of the digital environment has led to an increase in information security risks, thereby necessitating the formation of an information security culture at both organizational and individual levels. In this article, existing approaches for assessing information security culture are systematically analyzed. The main objective of the research is to determine the adequacy of these approaches in terms of measuring not only the organizational level but also the knowledge, attitudes, and behaviors of individuals regarding information security. The article researches the main characteristics, application areas, and limitations of existing methods in a comparative manner. As a result of the analysis, it has been determined that most existing models are oriented toward assessing information security culture from the perspective of organizational structure and management. In these approaches, the human factor is mostly evaluated as the weak link in the security chain, and the measurement of values, motivations, and behaviors at the individual level is not sufficiently covered. In order to fill this gap, the article proposes a conceptual model for assessing personal information security culture. The model presents a multi-level approach that integrates an individual's knowledge, values, risk perception, sense of responsibility, and behavioral habits related to information security. The proposed conceptual model creates an opportunity to understand the individual's decision-making process and behavioral motivation regarding information security, as well as to more deeply assess the impact of personal culture on the organizational security environment.</jats:p>