To Örebro University

oru.seÖrebro University Publications
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Enhancing employees information security awareness in private and public organisations: A systematic literature review
Örebro University, Örebro University School of Business.
Örebro University, Örebro University School of Business. Department of Informatics.ORCID iD: 0000-0002-3722-6797
Örebro University, Örebro University School of Business. Department of Informatics.ORCID iD: 0000-0002-7907-6037
Department of Informatics, Örebro University, Örebro, Sweden.
2021 (English)In: Computers & security (Print), ISSN 0167-4048, E-ISSN 1872-6208, Vol. 106, article id 102267Article, review/survey (Refereed) Published
Abstract [en]

Preserving the confidentiality, integrity and availability (CIA) of an organisation's sensitive information systems assets against attacks and threats is a challenge in this digital age. Or-ganisations worldwide make huge investments in information security technological coun-termeasures. Nonetheless, organisations in many cases fail to protect their information as-sets as they rely mainly on technical solutions which are not contextually compatible and sufficient. As a matter of fact, a significant number of organisational information security in-cidents are due to the exploitation of human elements that directly and/or indirectly cause the majority of security incidents. Therefore, employees' information security awareness (ISA) becomes one of the critical aspects of protection against undesirable information se-curity behaviours. However, to date, there is limited synthesised knowledge about methods for enhancing ISA and integrated insights on factors affecting employees' ISA levels. This study, therefore, provides a systematic review of the literature on ISA and puts forward a state-of-the-art collection of ISA methods and factors for enhancing employees' ISA within both private and public sector organisations. The results indicate that various methods and factors are used to enhance employees' ISA in organisations. Theoretical models and gami-fication are the methods widely used in both private and public organisations, whereas the constructivist approach and violation detections are some of the methods used only in pri-vate organisations. Furthermore, this study offers some insights into the latest trends in ISA content development methods and factors, and fosters good ISA practice by disseminating information and knowledge amongst Information Security professionals to help them build an overarching ISA development programme in their organisations.

Place, publisher, year, edition, pages
Elsevier, 2021. Vol. 106, article id 102267
Keywords [en]
Information security awareness, Literature review, Private organisations, Public organisations, Information Security Management, Awareness methods, Awareness factors
National Category
Computer Sciences
Identifiers
URN: urn:nbn:se:oru:diva-93219DOI: 10.1016/j.cose.2021.102267ISI: 000663496000019Scopus ID: 2-s2.0-85104919535OAI: oai:DiVA.org:oru-93219DiVA, id: diva2:1582171
Available from: 2021-07-29 Created: 2021-07-29 Last updated: 2022-01-07Bibliographically approved

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full textScopus

Authority records

Khando, KhandoGao, ShangIslam, M. Sirajul

Search in DiVA

By author/editor
Khando, KhandoGao, ShangIslam, M. Sirajul
By organisation
Örebro University School of Business
In the same journal
Computers & security (Print)
Computer Sciences

Search outside of DiVA

GoogleGoogle Scholar

doi
urn-nbn

Altmetric score

doi
urn-nbn
Total: 780 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf