When it comes to academic research, one of the most challenging tasks can be writing a literature

review. This rings particularly true for subjects as intricate as Information Security. Systematic
Literature Reviews in this field demand a meticulous approach, where every detail must be
thoroughly examined and analyzed.

The difficulty lies in the vast amount of information available. Sorting through numerous articles,
journals, and research papers to find the most relevant and credible sources can be a daunting task.
Additionally, synthesizing these findings into a cohesive narrative that demonstrates a
comprehensive understanding of the topic requires both time and expertise.

As researchers navigate this intricate process, they often find themselves overwhelmed with the sheer
volume of data to sift through, the need for critical analysis, and the pressure to present a well-
structured, coherent review. It's no wonder many scholars seek assistance in this endeavor.

For those facing the challenge of crafting a literature review in Information Security, professional
assistance can make all the difference. ⇒ StudyHub.vip ⇔ offers a solution tailored to the unique
demands of such a task. By ordering from ⇒ StudyHub.vip ⇔, researchers can tap into the expertise
of seasoned professionals who understand the nuances of Information Security literature.

Here are just a few reasons why ⇒ StudyHub.vip ⇔ stands out:

1. Expert Writers: The team comprises experienced writers who specialize in Information
Security. They are well-versed in the latest trends, theories, and methodologies in the field.
2. Customized Approach: Each literature review is crafted with individual requirements in
mind. Whether it's a specific framework, a particular set of sources, or a unique perspective,
⇒ StudyHub.vip ⇔ ensures that the review meets the exact needs of the researcher.
3. Thorough Research: The writers at ⇒ StudyHub.vip ⇔ leave no stone unturned in their
quest for relevant literature. They meticulously comb through databases, journals, and
reputable sources to gather the most current and pertinent information.
4. Plagiarism-Free Content: Originality is paramount. ⇒ StudyHub.vip ⇔ guarantees
plagiarism-free content, ensuring that every literature review is a unique, authentic piece of
work.
5. Timely Delivery: Deadlines are crucial in academia. ⇒ StudyHub.vip ⇔ understands this
and ensures that each literature review is delivered on time, allowing researchers ample time
for review and revisions.

In the intricate world of Information Security literature reviews, ⇒ StudyHub.vip ⇔ offers a beacon
of support. Let the experts handle the complexity while you focus on the core of your research.
Order your literature review today and experience the difference firsthand.
Computing and Advanced Information Management (NCM). RQ1 - What are the methods that exist
in information. In contrast, perceived sanction certainty significantly influences employees’ abusive
behaviors towards ISP. This study’s results have clearly shown that the SCPT and SBT constructs
significantly promote negative attitude towards misbehavior, whereas reducing provocation and
attachment did not significantly reduce insiders’ misbehavior and intention. The purpose of this
study is to review a set of existing. They serve as an objective, comprehensive review of a particular
topic, which, due to a standardized process, should be completely reproducible. This study focused
on automated and manual search processes to gain as many research articles as possible to fulfill the
defined objectives. Table 12 shows author names, methodologies, and observations from the
literature related to value conflicts and noncompliance. 4.2.3. Deterrence and Noncompliance When
considering ISPC research using deterrence techniques from many decades, deterrence proved to be
a significant factor in enforcing ISP compliance and deterring noncompliance behaviors. In this
study, the PMT-based model proposed and tested with 253 end-users, it has been shown that
changing or updating in security policy or procedures makes the continuance of security behavior
difficult, although self-efficacy, perceived threat severity, and perceived threat susceptibility
significantly affect employees’ continue protective behaviors. A meta-analysis combines data from
different studies, effectively creating a larger sample size to improve the quality of information.
International Journal of Environmental Research and Public Health (IJERPH). Value conflicts,
security-related stress, and neutralization, among many other factors, provided significant evidence
towards noncompliance. Section 5 (i.e., discussion) sheds light on the summary of the findings as
well as the theoretical and practical implications of this study. The central theme of the study is
based on the theory of individual and organizational inertia. To the best of our knowledge, none of
the previous systematic literature reviews simultaneously integrated theory and components. RP16
and RP17, use the Risk Assessment Method, RP12 type. It has been discussed in detail that most
employees indulge in risky ISB because of their late results. Furthermore, the study results predicted
that good leadership could increase ISP awareness, which is a significant predictor of ISPC. And
that we hope this allows other researchers to understand. Lastly we look at the appropriateness of the
method quality. Keywords and queries were mapped onto the downloaded articles from reliable
search engines and databases listed in Table 3. To some extent, researchers have successfully
incorporated behavioral theories in the IS context, but still, many gaps remain open. The
transformation process has never been highlighted in the ISPC literature. To transform employees’
noncompliance behavior into compliance behavior, management behaviors, security awareness,
culture, protected motivated behaviors, and deterrence techniques can play a vital role. In the next
section, recommendations and future directions are provided for researchers and managers. 5.3.
Limitations and Future Research A rigorous approach was adopted for the selection of studies in this
review. After all there are five researchers and our main objective is to. The literature review results
indicated that national culture has a variety of effects on employee enforcement behavior. However,
it is the organization’s management’s responsibility to enhance information security awareness among
its employees. Following the research questions, categories and subcategories identified and clarified
every subcategory attribute by open coding. However, in RP2 the paper specifies an advantage of.
Empirical Software Engineering for Software Environments - University of Cali. However based on
the limitation of time and available. Multiple frameworks are available to assess human intentions
towards information security policies, but none of the frameworks can be used as a standard
behavioral process model. The research model tested 526 employees with three different antimalware
security behaviors (i.e., scanning USB with antivirus, avoiding clicking on suspicious emails,
installing appropriate software updates). Education, IEEE Transactions on, August 2014, Volume 57,
issue 3 (pp. 175-181). The researchers proposed elements of SCPT (increase effort and risk to commit
a crime, reduce rewards and provocations and remove excuses) and SBT (commitment, attachment,
involvement with ISP and personal norms) to help positively to promote the negative attitude
towards security misbehavior and intention. The literature about noncompliance behavior suggests
that employees’ noncompliance with ISP can be intentional or unintentional. They have argued that
rational use of section threats develops the attitude of employees. The results showed that awareness
has a positive effect on the attitude, and attitude shapes the early intentions to conform, which later
on become early conformance behavior towards ISP. Information Security Behavior and Information
Security Policy Compliance: A Systematic Literature Review for Identifying the Transformation
Process from Noncompliance to Compliance. Appl. Sci. 2021, 11, 3383. RP15 An Approach to
Perform Quantitative Information Security. The researchers as a whole would agree that the good.
Production System Based on Rough Sets and Bayesian Network. Last, include SETA programs in
the daily work routine so that employees can learn about ISP passively. They provided a multilevel
study design to derive a unified model and test it with three ISP violation scenarios. Second, higher
sociability organizations are less in line with the ISP. Figure 2 presents the studies’ inclusion and
exclusion process Figure 3 exhibits the year wise study inclusion, whereas Figure 4 depicts the
methodologies adopted in each study. Studies have argued that information security culture and
information security awareness are the most influential factors in this regard. Furthermore, the study
results predicted that good leadership could increase ISP awareness, which is a significant predictor
of ISPC. Delete Replies Reply Sam Young 17 May 2018 at 05:45 Thanks David. Section 4 shows a
detailed evaluation of the literature review results. COBRA RP17 COBRA uses the qualitative and
quantative. Editor’s Choice articles are based on recommendations by the scientific editors of MDPI
journals from around the world. Risk Assessment Method for SCADA Information Security,”. The
research questions would be answered and then a general. Security policymakers must take
advantage of this valuable information to enhance compliance intention. Second, PMT will be a good
predictor of ISB if a threat or coping method is specific. Multiple requests from the same IP address
are counted as one view. He concluded that intrinsic motivations (perceived legitimacy, perceived
value congruence) affect employees’ ISB towards ISPC more significantly than extrinsic motivations
(perceived deterrent certainty, perceived deterrent severity). Researchers have suggested many ways
to adopt these standards, but there are behavioral issues in adapting the standards.
Fifth, organizations should provide motivational training, and covey how an employee is an asset to
the organization, and not let somebody use this asset against the organization. It has been shown in
this study that self-justification (to justify the noncompliant act to oneself) and sunk-cost (i.e., lack
of loss acceptance) are the main influential factors for engaging in noncompliant behavior towards
ISP. An introduction to EMB and study design by Connie Schardt (Medical Center Library, Duke
University). However, 80 percent of the respondents of both groups showed their intention to
comply with ISP. In light of the studies mentioned above, the current systematic literature review
will illuminate the studies examining compliance and noncompliance theories and components, but
importantly reviews the literature to draw a behavior transformation process from noncompliance to
compliance. What are the best possible transformation steps of behavior as analyzed in studies from
noncompliance to compliance. On the other hand, if an employee develops an over fulfillment
behavior, then there is a good chance that he will put his extra efforts towards the organization.
Seven categories were identified as factors influencing compliance behaviors. International
Conference on, Intelligent Information Hiding and. Researchers tested protection motivation
behaviors with protection motivation theory (PMT) in the ISPC domain. Employees who have more
control over their coworkers have positive perceived behavioral control effects on tailgating
behaviors; on the other hand, low-status employees with less control over their coworkers adversely
perceived behavioral control effects on tailgating behaviors. This study focused on measuring IT
vision conflict mediation effects on PMT constructs and attitude towards ISP noncompliance. Figure
2 most number of paper were is published in the year. As discussed earlier, a manual search process
has also been performed through search engines and reference lists of related articles. On March 30,
2016, Andrew Duong taught a seminar to students at the Michael DeGroote School of Medicine on
the 6 Steps of the Systematic Review Process. Axial coding is performed by drawing the logical
connection between each category and subcategory. Full texts and downloaded abstracts were
thoroughly explored, and 514 articles were selected in the first phase. In the future, the research
team intends to perform some query-based analysis to validate this process model. This is something
that needs to be paid careful attention to. This literature review revealed that few studies are
focusing on actual compliance behavior. 6. Closing Remarks The current literature review has
revealed behavioral factors, concepts, and theories used for ISPC in the last decade. PLS used for
hypothesis testing. 170 usable responses from a global firm Long-term orientation ISB discourages
consequence-delayed information security violation intention. Your eligibility criteria is what you
plan to include and exclude from your review and should be guided by your research question and
objectives. They have enlisted seven neutralization techniques on how an individual justifies their
criminal activities. In summary, risk assessment is becoming more and more. NIST, CRAMM, ISO
27001 and Fuzzy Mathematics) which. Short queries will be generated in the BPMN-Q language for
every activity to perform validations. Information security risk assessment methods have been. The
central theme of the study is based on the theory of individual and organizational inertia. The meta-
analysis concluded that all deterrence theory constructs have significant effects on compliance
behaviors except sanction severity. Articles are related to information security behavior and
information security policy compliance.
Furthermore, this study has systematically reviewed and analyzed the available literature to gain
insights into the components and theories influencing compliance and noncompliance. Research
shows that about 70% of incidents happened due to human negligence (intentional or unintentional).
Note that from the first issue of 2016, this journal uses article numbers instead of page numbers.
According to a literature review, workers often consider ISPs as difficult to follow, which later
becomes a type of stress known as security-related stress. Behaviors associated with compliance and
noncompliance were analyzed rigorously. The Cochrane Library Includes six databases that contain
different types of high-quality, independent evidence to inform healthcare decision-making, as well
as information about Cochrane groups. This review provided a comprehensive behavior
transformation process. In this review, the researchers reviewed a total of 32 articles and eight
internationally published professional competence frameworks. Empirical Software Engineering for
Software Environments - University of Cali. RP13 Business Process-Based Information Security
Risk. By first doing a precis, students start to see what is important in the article, which will aid their
later write up (see more here ). However, in the second sub-assessment question, it is. Furthermore,
the theory of value-driven proposals based on a qualitative study, which still needs to be tested with
quantitative studies, has been discussed. Review (SLR) there are a few limitations such as not to.
The advantages and disadvantages of these methods was. The assessment of human behavior is a
complicated phenomenon, and several psychological theories have been proposed to cover different
aspects of human behavior. Flow diagram regarding the inclusion and exclusion of studies in this
review. Employees think the security risks are external factors (i.e., perceived externalities), and their
business tasks are more important than the security tasks (triage). This study concluded that
employees consider security tasks to be external and less valued and avoid procrastination and
psychology detachment. OCTAVE can use the information to provide understanding of. PLS used
for hypothesis testing. 170 usable responses from a global firm Long-term orientation ISB
discourages consequence-delayed information security violation intention. An introduction to EMB
and study design by Connie Schardt (Medical Center Library, Duke University). Behavior
transformation from noncompliance to compliance with ISP. For instance, researchers have indicated
that sometimes employees perceive information security as an external stress. Furthermore, current
SLR indicated that information security culture and knowledge are solely based on management
behaviors. Security managers can gain insight from the depicted transformation process towards
various security behaviors and practice it in their organizations. The findings revealed that most
behavioral theories imply that compliance with ISP needs specific competencies, but professional
frameworks lack the ability to present those competencies. Marco Aurelio Gerosa Empirical research
methods for software engineering Empirical research methods for software engineering sarfraznawaz
Ho3313111316 Ho3313111316 IJERA Editor A Federated Search Approach to Facilitate Systematic
Literature Review in Sof. IJET-V2I6P22 IJET-V2I6P22 Critical review of an ERP post-
implementation Article Critical review of an ERP post-implementation Article Next Gen Clinical
Data Sciences Next Gen Clinical Data Sciences Research design decisions and be competent in the
process of reliable data co. They developed a framework to test internal and external motivations’
effects on the ISB of employees.
Third, PMT predicts ISB better for threats related to the individual, not to organizations. Deterrence
techniques, management behaviors, culture, and information security awareness play a vital role in
transforming employees’ noncompliance into compliance behaviors. He examined the intrinsic and
extrinsic motivation models for ISB on 602 employees from different organizations. The research
concluded that work impediments (i.e., daily work stress), positive affect, negative affect, and
computer monitoring influence compliance attitude towards compliance behavior daily. Furthermore,
moral beliefs, coworker compliance, and self-efficacy also influence daily compliance behavior
positively. Journal of Otorhinolaryngology, Hearing and Balance Medicine (JOHBM). Fear and
maladaptive rewards were the neglected elements that were never tested before. DREAD can
identify the threat using the five major attributes. In this study, the researchers elaborated on two
coping mechanisms—procrastination (i.e., saving present time and pushing security tasks for the
future) and psychology detachment (i.e., denial of the importance of security tasks)—which
employees use to avoid security task performance. Significantly, security awareness is the primary
factor contributing to good security culture. We use cookies on our website to ensure you get the
best experience. The study focused on investigating the effects of different status employees’
perceived behavioral control over interactive security threats and controls, including explicitly
tailgating (unauthorized access to a restricted area). This literature review is an effort to develop a
behavioral transformation process of violation to compliance. Employees often consider that
information security is the IT staff’s responsibility, so they themselves are not part of IS security.
Firstly, when assessing the advantages and disadvantages. Likewise, there are similar outcomes for
each behavioral theory used in the IS research. It has been shown in this study that self-justification
(to justify the noncompliant act to oneself) and sunk-cost (i.e., lack of loss acceptance) are the main
influential factors for engaging in noncompliant behavior towards ISP. Furthermore, current SLR
indicated that information security culture and knowledge are solely based on management
behaviors. Cookie Duration Description cookielawinfo-checkbox-necessary 1 year Cookie created by
the GDPR Cookie Consent plugin. Open Science Framework (OSF) is an open source software
project created by the Centre for Open Science to increase reproducibility in research. Information
security and risk assessment method identified. Figure 3 indicates that 12 of the 18 papers were
from. It's highly recommended to check PROSPERO (or other relevant database) to ensure someone
else hasn't already done the exact same review - see below for more information on PROSPERO.
Journal of Experimental and Theoretical Analyses (JETA). It has been shown that all social bond
factors except attachment have significant effects on information security compliance behavior.
Therefore there is likelihood that the data gathering. It is just as important to identify gaps in
knowledge, as this will inform future areas of research. Information Security Behavior and
Information Security Policy Compliance: A Systematic Literature Review for Identifying the
Transformation Process from Noncompliance to Compliance. Appl. Sci. 2021, 11, 3383. The
advantages and disadvantages of these methods was. Table 5 lists area of application and validation
with cited.