INFORMATION SECURITY CULTURE GUIDELINES TO IMPROVE EMPLOYEE’S SECURITY BEHAVIOR: A REVIEW OF EMPIRICAL STUDIES

Authors

  • N. Akhyari Faculty of Computer, Media and Technology Management, TATI University College, 24000 Kemaman, Terengganu
  • A. A. Ruzaini Faculty of Computer Systems and Software Engineering, Universiti Malaysia Pahang, 26300 Kuantan, Pahang
  • A. H. Rashid Faculty of Industrial Management, Universiti Malaysia Pahang, 26300 Kuantan, Pahang

DOI:

https://doi.org/10.4314/jfas.v10i2s.21

Keywords:

information security culture, information security policy compliance behavior, security behavior.

Abstract

This paper reviews Information Security Culture (ISC) studies published in six leading databases from year 2000 until 2016 to investigate empirical findings that could support the relationship between ISC and employee’s security behavior as well as to identify the findings that could be applied as guidelines to cultivate ISC in the organization. This review discovered that there is lack of comprehensive empirical studies have been done to provide sufficient empirical findings in supporting the relationship between ISC and security behavior. The approaches of the studies in terms of conceptualization and operationalization of ISC concept also limit the applicability of the findings to be used as the guidelines for ISC cultivation. This paper provides clear justifications on these issues and indicated a clear direction on the future of ISC research to be taken.

Downloads

Published

2018-02-01

Issue

Section

Research Articles