A descriptive review and classification of organizational information security awareness research

Gershon Hutchinson, Jacques Ophoff*

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contribution

2 Citations (Scopus)
314 Downloads (Pure)


Information security awareness (ISA) is a vital component of information security in organizations. The purpose of this research is to descriptively review and classify the current body of knowledge on ISA. A sample of 59 peer-reviewed academic journal articles, which were published over the last decade from 2008 to 2018, were analyzed. Articles were classified using coding techniques from the grounded theory literature-review method. The results show that ISA research is evolving with behavioral research studies still being explored. Quantitative empirical research is the dominant methodology and the top three theories used are general deterrence theory, theory of planned behavior, and protection motivation theory. Future research could focus on qualitative approaches to provide greater depth of ISA understanding.
Original languageEnglish
Title of host publicationInformation and cyber security
Subtitle of host publication18th International conference, ISSA 2019, Johannesburg, South Africa, August 15, 2019, proceedings
EditorsHein Venter, Marianne Loock, Marijke Coetzee, Mariki Eloff, Jan Eloff
Place of PublicationCham
Number of pages17
ISBN (Electronic)9783030432768
ISBN (Print)9783030432751
Publication statusPublished - 8 Mar 2020
Event18th International Information Security South Africa Conference - Johannesburg, South Africa
Duration: 15 Aug 201915 Aug 2019
Conference number: 18th

Publication series

NameCommunications in Computer and Information Science (CCIS)
ISSN (Print)1865-0929
ISSN (Electronic)1865-0937


Conference18th International Information Security South Africa Conference
Abbreviated titleISSA 2019
Country/TerritorySouth Africa
Internet address


  • Organizational information security awareness
  • Literature review


Dive into the research topics of 'A descriptive review and classification of organizational information security awareness research'. Together they form a unique fingerprint.

Cite this