This paper provides a systematic literature review in the information security policies� compliance (ISPC) field, with respect to information security culture, information security awareness, and information security management exploring in various settings the research designs, methodologies, and frameworks that have evolved over the last decade. Studies conducted from 2006 to 2016 reporting results from data collected through diverse means have been explored; however, only a few studies have focused primarily on a sensitive infrastructure under risk, as is the case with higher education institutions (HEIs). This study reports that ISPC in HEIs remains scarce, as is the realization of security threats and dissemination of information security policies to end users (employees). This research makes a novel contribution to the body of knowledge as a unique study that has reviewed the influence of institutional governance in HEIs on protection motivation leading towards ISPC. © 2018, © 2018 International Association for Computer Information Systems.