oru.sePublications
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Information security culture: state-of-the-art review between 2000 and 2013
Örebro University, Örebro University School of Business.ORCID iD: 0000-0002-3265-7627
Örebro University, School of Humanities, Education and Social Sciences.ORCID iD: 0000-0001-7291-2875
Örebro University, School of Humanities, Education and Social Sciences.ORCID iD: 0000-0002-5485-8577
2015 (English)In: Information and Computer Security, ISSN 2056-4961, Vol. 23, no 3, p. 246-285Article in journal (Refereed) Published
Abstract [en]

Purpose – The aim of this paper is to survey existing information security culture research to scrutinise the kind of knowledge that has been developed and the way in which this knowledge has been brought about.

Design/methodology/approach – Results are based on a literature review of information security culture research published between 2000 and 2013 (December).

Findings – This paper can conclude that existing research has focused on a broad set of research topics, but with limited depth. It is striking that the effects of different information security cultures have not been part of that focus. Moreover, existing research has used a small repertoire of research methods, a repertoire that is more limited than in information systems research in general. Furthermore, an extensive part of the research is descriptive, philosophical or theoretical – lacking a structured use of empirical data – which means that it is quite immature.

Research limitations/implications – Findings call for future research that: addresses the effects of different information security cultures; addresses the identified research topics with greater depth; focuses more on generating theories or testing theories to increase the maturity of this subfield of information security research; and uses a broader set of research methods. It would be particularly interesting to see future studies that use intervening or ethnographic approaches because, to date, these have been completely lacking in existing research.

Practical implications – Findings show that existing research is, to a large extent, descriptive, philosophical or theoretical. Hence, it is difficult for practitioners to adopt these research results, such as frameworks for cultivating or assessment tools, which have not been empirically validated.

Originality/value – Few state-of-the-art reviews have sought to assess the maturity of existing research on information security culture. Findings on types of research methods used in information security culture research extend beyond the existing knowledge base, which allows for a critical discussion about existing research in this sub-discipline of information security.

Place, publisher, year, edition, pages
Emerald , 2015. Vol. 23, no 3, p. 246-285
Keywords [en]
Information security, information security culture, literature review
National Category
Information Systems
Research subject
Informatics
Identifiers
URN: urn:nbn:se:oru:diva-39187DOI: 10.1108/ICS-05-2014-0033ISI: 000218512600001Scopus ID: 2-s2.0-84946541446OAI: oai:DiVA.org:oru-39187DiVA, id: diva2:767461
Available from: 2014-12-01 Created: 2014-12-01 Last updated: 2018-04-24Bibliographically approved

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full textScopus

Authority records BETA

Karlsson, FredrikÅström, JoachimKarlsson, Martin

Search in DiVA

By author/editor
Karlsson, FredrikÅström, JoachimKarlsson, Martin
By organisation
Örebro University School of BusinessSchool of Humanities, Education and Social Sciences
Information Systems

Search outside of DiVA

GoogleGoogle Scholar

doi
urn-nbn

Altmetric score

doi
urn-nbn
Total: 1934 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf