Main Article Content

Information security culture guidelines to improve employee’s security behavior: a review of empirical studies


N Akhyari
A.A. Ruzaini
A.H. Rashid

Abstract

This paper reviews Information Security Culture (ISC) studies published in six leading databases from year 2000 until 2016 to investigate empirical findings that could support the relationship between ISC and employee’s security behavior as well as to identify the findings that could be applied as guidelines to cultivate ISC in the organization. This review discovered that there is lack of comprehensive empirical studies have been done to provide sufficient empirical findings in supporting the relationship between ISC and security behavior. The approaches of the studies in terms of conceptualization and operationalization of ISC concept also limit the applicability of the findings to be used as the guidelines for ISC cultivation. This paper provides clear justifications on these issues and indicated a clear direction on the future of ISC research to be taken.

Keywords: information security culture; information security policy compliance behavior; security behavior


Journal Identifiers


eISSN:
print ISSN: 1112-9867