Universiti Teknologi Malaysia Institutional Repository

Systematic literature review of information security compliance behaviour theories

Kuppusamy, P. and Samy, G. N. and Maarop, N. and Magalingam, P. and Kamaruddin, N. and Shanmugam, B. and Perumal, S. (2020) Systematic literature review of information security compliance behaviour theories. In: 2nd International Conference on Recent Advancements in Science and Technology, ICoRAST 2019, 28-30 Oct 2019, Putrajaya, Malaysia.



The paper aims to identify behavioural theories that influence information security policies compliance behaviour. A systematic review of empirical studies from eleven online databases (ACM digital library, Emerald Insight, IEEE Xplore digital library, Springer link, Science direct, Scopus, Web of Science, Oxford academic journals, SAGE journals, Taylor & Francis and Wiley online library) are conducted. This review identified 29 studies met its criterion for inclusion. The investigated theories were extracted and analysed. Total of 19 theories have been identified and studied concerning to security policy compliance behaviour. The result indicated that the most established theories in information security compliance behaviour studies are the Theory of Planned Behavior and Protection Motivation theory. Meanwhile, General Deterrence Theory, Neutralization theory, Social Bond Theory / Social Control Theory are used moderately in this research area. Less explored theories are namely Self Determination Theory, Knowledge, Attitude, and Behavior, Social Cognitive Theory, Involvement Theory, Health belief model, Theory of Interpersonal Behavior, Extended Parallel Processing Model, Organisational Control Theory, Psychological Reactance Theory, Norm Activation Theory, Organizational Behaviour Theory, Cognitive Evaluation Theory and Extended Job Demands-Resources. The results from this review may guide the development and evaluation of theories promoting information security compliance behaviours. This will further contribute in the development of an integrated theory of information security compliance behaviour.

Item Type:Conference or Workshop Item (Paper)
Uncontrolled Keywords:behavioural theories, information security compliance, information security policy
Subjects:T Technology > T Technology (General)
Divisions:Razak School of Engineering and Advanced Technology
ID Code:93185
Deposited By: Narimah Nawil
Deposited On:19 Nov 2021 11:15
Last Modified:19 Nov 2021 11:15

Repository Staff Only: item control page