A descriptive review and classification of organizational information security awareness research

Gershon Hutchinson; Jacques Ophoff

doi:10.1007/978-3-030-43276-8_9

A descriptive review and classification of organizational information security awareness research

Gershon Hutchinson, Jacques Ophoff^*

^*Corresponding author for this work

SDI - Cyber Security

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Citation (Scopus)

256 Downloads (Pure)

Abstract

Information security awareness (ISA) is a vital component of information security in organizations. The purpose of this research is to descriptively review and classify the current body of knowledge on ISA. A sample of 59 peer-reviewed academic journal articles, which were published over the last decade from 2008 to 2018, were analyzed. Articles were classified using coding techniques from the grounded theory literature-review method. The results show that ISA research is evolving with behavioral research studies still being explored. Quantitative empirical research is the dominant methodology and the top three theories used are general deterrence theory, theory of planned behavior, and protection motivation theory. Future research could focus on qualitative approaches to provide greater depth of ISA understanding.

Original language	English
Title of host publication	Information and cyber security
Subtitle of host publication	18th International conference, ISSA 2019, Johannesburg, South Africa, August 15, 2019, proceedings
Editors	Hein Venter, Marianne Loock, Marijke Coetzee, Mariki Eloff, Jan Eloff
Place of Publication	Cham
Publisher	Springer
Pages	114-130
Number of pages	17
ISBN (Electronic)	9783030432768
ISBN (Print)	9783030432751
DOIs	https://doi.org/10.1007/978-3-030-43276-8_9
Publication status	Published - 8 Mar 2020
Event	18th International Information Security South Africa Conference - Johannesburg, South Africa Duration: 15 Aug 2019 → 15 Aug 2019 Conference number: 18th https://web.archive.org/web/20190815053855/http://www.infosecsa.co.za/

Publication series

Name	Communications in Computer and Information Science (CCIS)
Publisher	Springer
Volume	1166
ISSN (Print)	1865-0929
ISSN (Electronic)	1865-0937

Conference

Conference	18th International Information Security South Africa Conference
Abbreviated title	ISSA 2019
Country/Territory	South Africa
City	Johannesburg
Period	15/08/19 → 15/08/19
Internet address	https://web.archive.org/web/20190815053855/http://www.infosecsa.co.za/

Keywords

Organizational information security awareness
Literature review

Access to Document

10.1007/978-3-030-43276-8_9

Ophoff_ADescriptiveReviewAndClassification_Accepted_2019Accepted author manuscript, 367 KB

Cite this

Hutchinson, G., & Ophoff, J. (2020). A descriptive review and classification of organizational information security awareness research. In H. Venter, M. Loock, M. Coetzee, M. Eloff, & J. Eloff (Eds.), Information and cyber security: 18th International conference, ISSA 2019, Johannesburg, South Africa, August 15, 2019, proceedings (pp. 114-130). (Communications in Computer and Information Science (CCIS); Vol. 1166). Springer. https://doi.org/10.1007/978-3-030-43276-8_9

Hutchinson, Gershon ; Ophoff, Jacques. / A descriptive review and classification of organizational information security awareness research. Information and cyber security: 18th International conference, ISSA 2019, Johannesburg, South Africa, August 15, 2019, proceedings. editor / Hein Venter ; Marianne Loock ; Marijke Coetzee ; Mariki Eloff ; Jan Eloff. Cham : Springer, 2020. pp. 114-130 (Communications in Computer and Information Science (CCIS)).

@inproceedings{9cf6d4ac4b374f18b0c4a60291dc09df,

title = "A descriptive review and classification of organizational information security awareness research",

abstract = "Information security awareness (ISA) is a vital component of information security in organizations. The purpose of this research is to descriptively review and classify the current body of knowledge on ISA. A sample of 59 peer-reviewed academic journal articles, which were published over the last decade from 2008 to 2018, were analyzed. Articles were classified using coding techniques from the grounded theory literature-review method. The results show that ISA research is evolving with behavioral research studies still being explored. Quantitative empirical research is the dominant methodology and the top three theories used are general deterrence theory, theory of planned behavior, and protection motivation theory. Future research could focus on qualitative approaches to provide greater depth of ISA understanding.",

author = "Gershon Hutchinson and Jacques Ophoff",

year = "2020",

month = mar,

day = "8",

doi = "10.1007/978-3-030-43276-8_9",

language = "English",

isbn = "9783030432751",

series = "Communications in Computer and Information Science (CCIS)",

publisher = "Springer",

pages = "114--130",

editor = "Hein Venter and Marianne Loock and Marijke Coetzee and Mariki Eloff and Jan Eloff",

booktitle = "Information and cyber security",

note = "18th International Information Security South Africa Conference, ISSA 2019 ; Conference date: 15-08-2019 Through 15-08-2019",

url = "https://web.archive.org/web/20190815053855/http://www.infosecsa.co.za/",

}

Hutchinson, G & Ophoff, J 2020, A descriptive review and classification of organizational information security awareness research. in H Venter, M Loock, M Coetzee, M Eloff & J Eloff (eds), Information and cyber security: 18th International conference, ISSA 2019, Johannesburg, South Africa, August 15, 2019, proceedings. Communications in Computer and Information Science (CCIS), vol. 1166, Springer, Cham, pp. 114-130, 18th International Information Security South Africa Conference, Johannesburg, South Africa, 15/08/19. https://doi.org/10.1007/978-3-030-43276-8_9

A descriptive review and classification of organizational information security awareness research. / Hutchinson, Gershon; Ophoff, Jacques.

Information and cyber security: 18th International conference, ISSA 2019, Johannesburg, South Africa, August 15, 2019, proceedings. ed. / Hein Venter; Marianne Loock; Marijke Coetzee; Mariki Eloff; Jan Eloff. Cham : Springer, 2020. p. 114-130 (Communications in Computer and Information Science (CCIS); Vol. 1166).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - A descriptive review and classification of organizational information security awareness research

AU - Hutchinson, Gershon

AU - Ophoff, Jacques

N1 - Conference code: 18th

PY - 2020/3/8

Y1 - 2020/3/8

N2 - Information security awareness (ISA) is a vital component of information security in organizations. The purpose of this research is to descriptively review and classify the current body of knowledge on ISA. A sample of 59 peer-reviewed academic journal articles, which were published over the last decade from 2008 to 2018, were analyzed. Articles were classified using coding techniques from the grounded theory literature-review method. The results show that ISA research is evolving with behavioral research studies still being explored. Quantitative empirical research is the dominant methodology and the top three theories used are general deterrence theory, theory of planned behavior, and protection motivation theory. Future research could focus on qualitative approaches to provide greater depth of ISA understanding.

AB - Information security awareness (ISA) is a vital component of information security in organizations. The purpose of this research is to descriptively review and classify the current body of knowledge on ISA. A sample of 59 peer-reviewed academic journal articles, which were published over the last decade from 2008 to 2018, were analyzed. Articles were classified using coding techniques from the grounded theory literature-review method. The results show that ISA research is evolving with behavioral research studies still being explored. Quantitative empirical research is the dominant methodology and the top three theories used are general deterrence theory, theory of planned behavior, and protection motivation theory. Future research could focus on qualitative approaches to provide greater depth of ISA understanding.

U2 - 10.1007/978-3-030-43276-8_9

DO - 10.1007/978-3-030-43276-8_9

M3 - Conference contribution

SN - 9783030432751

T3 - Communications in Computer and Information Science (CCIS)

SP - 114

EP - 130

BT - Information and cyber security

A2 - Venter, Hein

A2 - Loock, Marianne

A2 - Coetzee, Marijke

A2 - Eloff, Mariki

A2 - Eloff, Jan

PB - Springer

CY - Cham

T2 - 18th International Information Security South Africa Conference

Y2 - 15 August 2019 through 15 August 2019

ER -

Hutchinson G, Ophoff J. A descriptive review and classification of organizational information security awareness research. In Venter H, Loock M, Coetzee M, Eloff M, Eloff J, editors, Information and cyber security: 18th International conference, ISSA 2019, Johannesburg, South Africa, August 15, 2019, proceedings. Cham: Springer. 2020. p. 114-130. (Communications in Computer and Information Science (CCIS)). https://doi.org/10.1007/978-3-030-43276-8_9

A descriptive review and classification of organizational information security awareness research

Abstract

Publication series

Conference

Keywords

Access to Document

Fingerprint

Cite this