Information Security Policy Compliance: Systematic Literature Review

Angraini, Angraini; Alias, Rose Alinda; Okfalisa,

doi:10.1016/j.procs.2019.11.235

Cited by 21 publications

(10 citation statements)

References 46 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The results showed that the general deterrence theory, theory of planned behavior (TPB) and protection motivation theory are the most frequently used in the field which concurs with [31,32]. The following paragraphs discuss the five most common theories in the studies; other theories are listed in Appendix Table 2 in detail.…”

Section: Rq1-what Are the Theories Used In The Information Security Policies Compliance Context? Rq2-what Is The Kind Of Relation Of Inflmentioning

confidence: 99%

See 1 more Smart Citation

Exploring the Influence of Direct and Indirect Factors on Information Security Policy Compliance: A Systematic Literature Review

Alassaf

Alkhalifah²

2021

IEEE Access

View full text Add to dashboard Cite

Information systems security is considered one of the key issues concerning organizations' management. Despite the massive investment that organizations make to safeguard their systems, there are still many internal security breaches. The increase in insider threats to information systems can be related to the employees' compliance toward information security policy. Several review papers were conducted to explore information security policy compliance behavior research. However, the literature lacks insight into the positive and negative (direct or indirect) influence of human and organizational theories and their factors influencing information security policy compliance behavior. Therefore, this paper provides a systematic literature review synthesizing the psychological theories, organizational theories, and other internal and external factors on information security policy compliance researches. The results analysis of 87 studies showed that the general deterrence theory, theory of planned behavior, and protection motivation theory are the most frequently used. The influencing factors of theories are mostly similar in the results. Furthermore, information security education, training and awareness, trust, and leadership, among many other internal and external factors, are highly used. This study is one of the first researches that explores the relationship types among the influencing factors; emphasizing the direct and indirect effect, and information security policy compliance behavior. This paper also identifies some gaps in information security policy compliance behavior research and proposes future works. In addition, it provides a theoretical contribution and practical insight in the context of information security policy compliance.

show abstract

Section: Rq1-what Are the Theories Used In The Information Security Policies Compliance Context? Rq2-what Is The Kind Of Relation Of Inflmentioning

confidence: 99%

“…A meta-analysis of 35 articles was conducted by Trang and Brendel [30] to explain the effect of deterrence theory towards ISPC. Angraini et al [31] conducted a study covering 59 articles to evaluate the existing theories in ISPC research. Kuppusamy et al [32] also identified several theories using 29 relevant articles.…”

Section: Motivations For the Current Studymentioning

confidence: 99%

Exploring the Influence of Direct and Indirect Factors on Information Security Policy Compliance: A Systematic Literature Review

Alassaf

Alkhalifah²

2021

IEEE Access

View full text Add to dashboard Cite

show abstract

“…Governance for information security can be identified as a process which deals with procedures and methods for monitoring information availability, accessibility, reliability, and safety and compliance with government policies [25,26]. The vital issue is it requires full commitment and support from the top management of the organization for the execution of information security management [27]. In an SC, the systems will be implemented in a single platform to aggregate data and manage SC initiatives.…”

Section: Citizen's Acceptancementioning

confidence: 99%

Challenges in IoT Technology Adoption into Information System Security Management of Smart Cities: A Review

2021

Adv. sci. technol. eng. syst. j.

View full text Add to dashboard Cite

Sustainable urban development and utilization of Internet of Things (IoT) technology is driving cities globally to evolve into Smart Cities (SC). The power of IoT services and applications will enable public agencies to provide personalized services to the citizens and inevitably improves their much-needed quality of life. However, although the use of IoT technology proves to be advantageous to citizens, it is not without challenges, particularly concerning with the management of information security. As agencies prepare towards SCs with the utilization of IoT, their Information Systems (IS) security management is even more critical. Current IS security management approaches must be reviewed and potentially revise appropriately in tandem with the increasing commercial use of the IoT technology. Therefore, this paper aims to discuss challenges in the IS management specifically in protecting and assuring information accuracy and completeness. Document analysis on relevant literature has been carried out to identify and analyse the challenges. The result discusses that the IS security management for IoT-enabled SC is challenged in five aspects: governance, integrity, interoperability, personalization, and self-organizing. Considerations of these challenges will support SC development concerning the IS security management in IoT-enabled SC.

show abstract

“…A key instrument to reduce information security threats is to create deploy and enforce information security policies (Jaeger et al, 2020). Information security policy is an internal document to ensure information asset and information technology security with a specific procedure to support the organization objectives (Angraini et al, 2019). A security policy includes a list if physical and technical safeguards, data processing locations, information on personal data processing software.…”

Section: Data Descriptionmentioning

confidence: 99%

ICT security in businesses - efficiency analysis

Kemendi¹,

Michelberger²,

Mesjasz-Lech³

2021

JESI

View full text Add to dashboard Cite

The purpose of this paper was to identify ICT security measures and to assess the level of ICT security in small, medium and large enterprises in spatial terms. The measures in the ICT security area were identified based on secondary data of European Union member states retrieved from the Eurostat database. The research used the CCR Date Envelopment Analysis (CCR-DEA) model to meet the research purpose.The research identifies countries where ICT security results were achieved with the optimum combination of expenditures, i.e. the so-called fully efficient countries. The authors demonstrate that the countries participating in the optimal shared technology are aligned to non-fully efficient countries and they can achieve their results at lower expenditures. In the optimal technologies of all non-fully efficient countries the volume of the achieved results of enterprises is slightly higher than the actual volume. Research conducted in the area of enterprise ICT security rarely focuses on the efficiency of actions undertaken. The authors of this paper examine the technical efficiency in the area of enterprise information security in spatial terms and formulate conclusions about enterprises in the EU member states. The application of the expenditure-oriented CCR-DEA model identifies countries that achieve their results fully utilising their expenditures and those that are able to achieve at least the same results as achieved by non-fully efficient countries but at lower expenditures. The technical efficiency analysis of actions undertaken represents the starting point for defining good practices and success factors in the area of ICT security, both at enterprise and country levels.

show abstract

Information Security Policy Compliance: Systematic Literature Review

Cited by 21 publications

References 46 publications

Exploring the Influence of Direct and Indirect Factors on Information Security Policy Compliance: A Systematic Literature Review

Exploring the Influence of Direct and Indirect Factors on Information Security Policy Compliance: A Systematic Literature Review

Challenges in IoT Technology Adoption into Information System Security Management of Smart Cities: A Review

ICT security in businesses - efficiency analysis

Contact Info

Product

Resources

About