2015 48th Hawaii International Conference on System Sciences 2015
DOI: 10.1109/hicss.2015.508
|View full text |Cite
|
Sign up to set email alerts
|

Evolvement of Information Security Research on Employees' Behavior: A Systematic Review and Future Direction

Abstract: Information Security (IS) is one of the biggest concerns for many organizations. This concern has led many to focus a huge effort into studying different IS areas. One of these critical areas is the human aspect, where investigation of employees' behaviors has emerged as an important topic. In this paper, we conduct a systematic review of all empirical studies published on this topic. The review will highlight the theoretical and methodological development and the dissemination of related empirical studies in … Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
1
1
1
1

Citation Types

0
19
0

Year Published

2018
2018
2022
2022

Publication Types

Select...
5
1

Relationship

0
6

Authors

Journals

citations
Cited by 12 publications
(19 citation statements)
references
References 70 publications
(162 reference statements)
0
19
0
Order By: Relevance
“…Cilliers [36] states the most common data breach still remains where employees that have access to or may copy information without authorization. There are also a number of theories that have been published [16], [37] including deterrence theory (DT), theory of reasoned action/planned behavior (TRA), protection motivation theory (PMT), rational choice theory (RCT), social cognitive theory (SCT), social bond theory (SBT), and neutralization theory (NT), which address modeling behavior or behavioral change. However, all of these theories appear to focus upon intentional action and not address the prominent issue of unintentional human error.…”
Section: Related Workmentioning
confidence: 99%
See 1 more Smart Citation
“…Cilliers [36] states the most common data breach still remains where employees that have access to or may copy information without authorization. There are also a number of theories that have been published [16], [37] including deterrence theory (DT), theory of reasoned action/planned behavior (TRA), protection motivation theory (PMT), rational choice theory (RCT), social cognitive theory (SCT), social bond theory (SBT), and neutralization theory (NT), which address modeling behavior or behavioral change. However, all of these theories appear to focus upon intentional action and not address the prominent issue of unintentional human error.…”
Section: Related Workmentioning
confidence: 99%
“…Other research presented that 24% of data loss incidents were caused by insiders including accidental and malicious acts [16], 55% of root causes of data breaches occurred as a result of unintentional employee action [17] and more than one-third of hospital communication errors were related to human factors. In addition, it is also published that most unintended and unanticipated errors are due to socio-technical issues when using technologies [18] which are leading to the socio-technical nature of information security coming to the fore [19].…”
Section: Introductionmentioning
confidence: 99%
“…Similarly, the Chronology of Data Breaches shows that in 2012 in the U.S., approximately 9,232,015 records were stolen as the result of insider data breaches. The Ponemon Institute shows that 35% of data breaches around the world were due to human errors (Alaskar, Vodanovich and Shen 2015).…”
Section: Human Factors In Information Securitymentioning
confidence: 99%
“…According to the review paper by Alaskar, Vodanovich and Shen (2015), General Deterrence Theory is still the dominant theory used by Information Systems scholars to study information security compliance (Chen, Ramamurthy and Wen 2012, Cheng et al 2013, D'Arcy, Hovav and Galletta 2009, Guo and Yuan 2012, Harrington 1996, Lee, Lee and Yoo 2004, Siponen and Vance 2010, Son 2011, Straub Jr 1990). Straub Jr and Nance (1990) adopted classical deterrence theory from criminology literature into their information security studies.…”
Section: General Deterrence Theorymentioning
confidence: 99%
See 1 more Smart Citation