Universiti Teknologi Malaysia Institutional Repository

Information security policy compliance behavior models, theories, and influencing factors: a systematic literature review

Kuppusamy, Puspadevi and Samy, Ganthan Narayana and Maarop, Nurazean and Shanmugam, Bharanidharan and Perumal, Sundresan (2022) Information security policy compliance behavior models, theories, and influencing factors: a systematic literature review. Journal of Theoretical and Applied Information Technology, 100 (5). pp. 1536-1557. ISSN 1992-8645

Full text not available from this repository.

Official URL: http://www.jatit.org/volumes/Vol100No5/28Vol100No5...


The paper aims to identify information security policy compliance behavior models, their respected theories, and influencing factors. This is the first and most current comprehensive systematic review of information security policy compliance models, theories, and influencing factors. A systematic review of empirical studies from twelve online databases was conducted. This review resulted in thirty-two (32) information security policy compliance behavior models proposed in different domains comprising various theories, concepts, and influencing factors. The results showed the importance of this issue among the researchers and a major limitation found was generalizability. Twenty (20) primary theories were extracted from the identified studies and found the theory of planned behavior and the protection motivation theory are the most trusted and reliable theories in information security policy compliance behavior models. Further analyses identified sixty (60) influencing factors and their alternative names and definitions. The most promising factors (high usage) of importance in descending orders are subjective norms, self-efficacy, attitudes, perceived benefits, threat vulnerability, threat severity, response efficacy, response cost, and experience. Besides that, factors such as self-efficacy, attitude, perceived benefit, threat severity, response efficacy, sanction severity, personal norms, experience, and training support were found and proved to be positively associated with the intention of compliance and considered robust for increasing information security compliance intention behavior. The results of this research can offer valuable information to fellow researchers in listing the models, their limitations, theories that are trustable, and influence factors that are critical for building a better model in the future.

Item Type:Article
Uncontrolled Keywords:information security policy, cybersecurity policy, security behavior, security compliance, systematic literature review
Subjects:T Technology > T Technology (General) > T55-55.3 Industrial Safety. Industrial Accident Prevention
T Technology > T Technology (General) > T58.5-58.64 Information technology
Divisions:Razak School of Engineering and Advanced Technology
ID Code:98588
Deposited By: Yanti Mohd Shah
Deposited On:25 Jan 2023 17:26
Last Modified:25 Jan 2023 17:26

Repository Staff Only: item control page