eprintid: 15032
rev_number: 2
eprint_status: archive
userid: 1
dir: disk0/00/01/50/32
datestamp: 2023-11-10 03:29:38
lastmod: 2023-11-10 03:29:38
status_changed: 2023-11-10 01:58:27
type: article
metadata_visibility: show
creators_name: Ali, R.F.
creators_name: Dominic, P.D.D.
creators_name: Ali, S.E.A.
creators_name: Rehman, M.
creators_name: Sohail, A.
title: Information security behavior and information security policy compliance: a systematic literature review for identifying the transformation process from noncompliance to compliance
ispublished: pub
note: cited By 49
abstract: A grave concern to an organization�s information security is employees� behavior when they do not value information security policy compliance (ISPC). Most ISPC studies evaluate compliance and noncompliance behaviors separately. However, the literature lacks a comprehensive understanding of the factors that transform the employees� behavior from noncompliance to compliance. Therefore, we conducted a systematic literature review (SLR), highlighting the studies done concerning information security behavior (ISB) towards ISPC in multiple settings: research frameworks, research designs, and research methodologies over the last decade. We found that ISPC research focused more on compliance behaviors than noncompliance behaviors. Value con-flicts, security�related stress, and neutralization, among many other factors, provided significant evidence towards noncompliance. At the same time, internal/external and protection motivations proved positively significant towards compliance behaviors. Employees perceive internal and external motivations from their social circle, management behaviors, and organizational culture to adopt security�aware behaviors. Deterrence techniques, management behaviors, culture, and information security awareness play a vital role in transforming employees� noncompliance into compliance behaviors. This SLR�s motivation is to synthesize the literature on ISPC and ISB, identifying the behavioral transformation process from noncompliance to compliance. This SLR con-tributes to information system security literature by providing a behavior transformation process model based on the existing ISPC literature. © 2021 by the authors. Licensee MDPI, Basel, Switzerland.
date: 2021
publisher: MDPI AG
official_url: https://www.scopus.com/inward/record.uri?eid=2-s2.0-85104172028&doi=10.3390%2fapp11083383&partnerID=40&md5=bb4e3a4aee119b1dc1bc8c179fdf6bac
id_number: 10.3390/app11083383
full_text_status: none
publication: Applied Sciences (Switzerland)
volume: 11
number: 8
refereed: TRUE
issn: 20763417
citation:   Ali, R.F. and Dominic, P.D.D. and Ali, S.E.A. and Rehman, M. and Sohail, A.  (2021) Information security behavior and information security policy compliance: a systematic literature review for identifying the transformation process from noncompliance to compliance.  Applied Sciences (Switzerland), 11 (8).   ISSN 20763417