Cyber–information security compliance and violation behaviour in organisations: A systematic review

Cyber and information security (CIS) is an issue of national and international interest. Despite sophisticated security systems and extensive physical countermeasures to combat cyber-attacks, organisations are vulnerable due to the involvement of the human factor. Humans are regarded as the weakest...


Bibliographic Details
Main Authors: Sulaiman, Noor Suhani, Fauzi, M. A., Wider, Walton, Rajadurai, Jegatheesan, Hussain, Suhaidah, Harun, Siti Aminah
Format: Article
Language: English
Published: MDPI 2022
Subjects:
Online Access: http://umpir.ump.edu.my/id/eprint/35216/1/2022_Social%20Sciences_Cyber-Information%20Security%20Compliance%20and%20violation%20behavior%20in%20organizations.pdf
_version_ 1825814548881342464
author Sulaiman, Noor Suhani
Fauzi, M. A.
Wider, Walton
Rajadurai, Jegatheesan
Hussain, Suhaidah
Harun, Siti Aminah
collection UMP
description Cyber and information security (CIS) is an issue of national and international interest. Despite sophisticated security systems and extensive physical countermeasures to combat cyber-attacks, organisations are vulnerable due to the involvement of the human factor. Humans are regarded as the weakest link in cybersecurity systems as development in digital technology advances. The area of cybersecurity is an extension of the previously studied fields of information and internet security. The need to understand the underlying human behavioural factors associated with CIS policy warrants further study, mainly from theoretical perspectives. Based on these underlying theoretical perspectives, this study reviews literature focusing on CIS compliance and violations by personnel within organisations. Sixty studies from the years 2008 to 2020 were reviewed. Findings suggest that several prominent theories were used extensively and integrated with another specific theory. Protection Motivation Theory (PMT), the Theory of Planned Behaviour (TPB), and General Deterrence Theory (GDT) were identified as among the most referred-to theories in this area. The use of current theories is discussed based on their emerging importance and their suitability in future CIS studies. This review lays the foundation for future researchers by determining gaps and areas within the CIS context and encompassing employee compliance and violations within an organisation.
first_indexed 2024-03-06T13:00:14Z
format Article
id UMPir35216
institution Universiti Malaysia Pahang
language English
last_indexed 2024-03-06T13:00:14Z
publishDate 2022
publisher MDPI
record_format dspace
spelling UMPir35216 2022-09-28T03:47:11Z http://umpir.ump.edu.my/id/eprint/35216/ H Social Sciences (General) MDPI 2022 Article PeerReviewed pdf en cc_by_4
Sulaiman, Noor Suhani and Fauzi, M. A. and Wider, Walton and Rajadurai, Jegatheesan and Hussain, Suhaidah and Harun, Siti Aminah (2022) Cyber–information security compliance and violation behaviour in organisations: A systematic review. Social Sciences, 11 (9). pp. 1-17. ISSN 2076-0760. (Published) https://doi.org/10.3390/socsci11090386
title Cyber–information security compliance and violation behaviour in organisations: A systematic review
topic H Social Sciences (General)
url http://umpir.ump.edu.my/id/eprint/35216/1/2022_Social%20Sciences_Cyber-Information%20Security%20Compliance%20and%20violation%20behavior%20in%20organizations.pdf