A systematic literature review: Information security culture

Amjad Mahfuth, Salman Yussof, Asmidar Abu Baker, Nor'Ashikin Ali

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

5 Citations (Scopus)

Abstract

Human behavior inside organizations is considered the main threat to organizations. Moreover, in information security the human element is considered the weakest link in general. Therefore, it is crucial to create an information security culture to protect the organization's assets from inside and to influence employees' security behavior. This paper focuses on identifying the definitions and frameworks for establishing and maintaining information security culture inside organizations. It presents work that has been done to conduct a systematic literature review of papers published on information security culture from 2003 to 2016. The review identified 68 papers that focus on this area, 18 of which propose an information security culture framework. An analysis of these papers indicates there is a positive relationship between levels of knowledge and how employees behave. The level of knowledge significantly affects information security behavior and should be considered as a critical factor in the effectiveness of information security culture and in any further work that is carried out on information security culture. Therefore, there is a need for more studies to identify the security knowledge that needs to be incorporated into organizations and to find instances of best practice for building an information security culture within organizations.

Original language: English
Title of host publication: 5th International Conference on Research and Innovation in Information Systems
Subtitle of host publication: Social Transformation through Data Science, ICRIIS 2017
Publisher: IEEE Computer Society
ISBN (Electronic): 9781509030354
DOI: https://doi.org/10.1109/ICRIIS.2017.8002442
Publication status: Published - 03 Aug 2017
Event: 5th International Conference on Research and Innovation in Information Systems, ICRIIS 2017 - Langkawi, Kedah, Malaysia
Duration: 16 Jul 2017 to 17 Jul 2017

Publication series

Name: International Conference on Research and Innovation in Information Systems, ICRIIS
ISSN (Print): 2324-8149
ISSN (Electronic): 2324-8157

Other

Other: 5th International Conference on Research and Innovation in Information Systems, ICRIIS 2017
Country: Malaysia
City: Langkawi, Kedah
Period: 16/07/17 to 17/07/17

Fingerprint

Security of data
Personnel

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Human-Computer Interaction
  • Information Systems

Cite this

Mahfuth, A., Yussof, S., Baker, A. A., & Ali, NA. (2017). A systematic literature review: Information security culture. In 5th International Conference on Research and Innovation in Information Systems: Social Transformation through Data Science, ICRIIS 2017 [8002442] (International Conference on Research and Innovation in Information Systems, ICRIIS). IEEE Computer Society. https://doi.org/10.1109/ICRIIS.2017.8002442