A systematic literature review: Information security culture

Amjad Mahfuth, Salman Yussof, Asmidar Abu Baker, Nor'Ashikin Ali

Research output: Chapter in Book/Report/Conference proceedingConference contribution

11 Citations (Scopus)

Abstract

Human behavior inside organizations is considered the main threat to organizations. Moreover, in information security the human element consider the most of weakest link in general. Therefore it is crucial to create an information security culture to protect the organization's assets from inside and to influence employees' security behavior. This paper focuses on identifying the definitions and frameworks for establishing and maintaining information security culture inside organizations. It presents work have been done to conduct a systematic literature review of papers published on information security culture from 2003 to 2016. The review identified 68 papers that focus on this area, 18 of which propose an information security culture framework. An analysis of these papers indicate there is a positive relationship between levels of knowledge and how employees behave. The level of knowledge significantly affects information security behavior and should be considered as a critical factor in the effectiveness of information security culture and in any further work that is carried out on information security culture. Therefore, there is a need for more studies to identity the security knowledge that needs to be incorporated into organizations and to find instances of best practice for building an information security culture within organizations.

Original languageEnglish
Title of host publication5th International Conference on Research and Innovation in Information Systems
Subtitle of host publicationSocial Transformation through Data Science, ICRIIS 2017
PublisherIEEE Computer Society
ISBN (Electronic)9781509030354
DOIs
Publication statusPublished - 03 Aug 2017
Event5th International Conference on Research and Innovation in Information Systems, ICRIIS 2017 - Langkawi, Kedah, Malaysia
Duration: 16 Jul 201717 Jul 2017

Publication series

NameInternational Conference on Research and Innovation in Information Systems, ICRIIS
ISSN (Print)2324-8149
ISSN (Electronic)2324-8157

Other

Other5th International Conference on Research and Innovation in Information Systems, ICRIIS 2017
CountryMalaysia
CityLangkawi, Kedah
Period16/07/1717/07/17

    Fingerprint

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Human-Computer Interaction
  • Information Systems

Cite this

Mahfuth, A., Yussof, S., Baker, A. A., & Ali, NA. (2017). A systematic literature review: Information security culture. In 5th International Conference on Research and Innovation in Information Systems: Social Transformation through Data Science, ICRIIS 2017 [8002442] (International Conference on Research and Innovation in Information Systems, ICRIIS). IEEE Computer Society. https://doi.org/10.1109/ICRIIS.2017.8002442