Crafting a Literature Review on Information Security

Writing a literature review on information security can be a daunting task, requiring extensive
research, critical analysis, and meticulous organization. Information security is a complex and rapidly
evolving field, encompassing a wide range of topics such as cybersecurity, data protection, privacy
laws, and risk management. As such, compiling a comprehensive review of existing literature
demands a deep understanding of these concepts and their interrelationships.

One of the challenges of writing a literature review is sifting through vast amounts of scholarly
articles, research papers, and other academic sources to identify relevant literature. It requires keen
analytical skills to evaluate the credibility, relevance, and significance of each source in relation to the
chosen topic. Furthermore, synthesizing disparate findings and perspectives into a coherent narrative
requires careful planning and synthesis.

Another difficulty in writing a literature review is ensuring that the review is both comprehensive
and up-to-date. With the rapid pace of advancements in information security technology and
practices, new research findings are constantly emerging. Therefore, it is essential to stay abreast of
the latest developments and incorporate them into the review to provide readers with the most
current insights and understanding.

Additionally, maintaining proper citation and referencing throughout the literature review is crucial
to avoid plagiarism and uphold academic integrity. This involves accurately attributing ideas, data,
and conclusions to their respective sources while adhering to citation styles such as APA, MLA, or
Chicago.

Given the complexities and challenges involved in writing a literature review on information
security, it may be beneficial for individuals to seek assistance from professional academic writing
services. ⇒ StudyHub.vip ⇔ offers expert assistance in crafting high-quality literature reviews that
meet the highest standards of academic excellence. With a team of experienced writers who
specialize in information security and related fields, ⇒ StudyHub.vip ⇔ can provide tailored
support to help individuals navigate the complexities of literature review writing and produce
compelling and insightful analyses.

In conclusion, writing a literature review on information security requires a combination of research

skills, critical thinking, and scholarly rigor. By leveraging the expertise of professional academic
writing services like ⇒ StudyHub.vip ⇔, individuals can streamline the process and ensure the
quality and effectiveness of their literature reviews.
It came with increasing flexibility, scalability, and reliability. It is therefore absolutely imperative to
take measures to protect and defend information systems by ensuring their security and non-
repudiation. Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA)
website Includes links to key documents including the PRISMA 2020 Statement, Checklist, Flow
Diagram, and Explanatation and Elaboration, and all PRISMA Extensions. Some of the studies
argued that intention is the strongest predictor of actual compliance. So, the next section will focus
on the contemporary best practices in the. This SLR’s motivation is to synthesize the literature on
ISPC and ISB, identifying the behavioral transformation process from noncompliance to compliance.
Figure 2 presents the studies’ inclusion and exclusion process Figure 3 exhibits the year wise study
inclusion, whereas Figure 4 depicts the methodologies adopted in each study. Risk Assessment in the
last 8 years and mostly have. To mitigate organizational information security threats, most
organizations have adopted standard guidelines provided by the National Institute of Standard and
Technology (NIST). The practitioners must advise the management to provide some rewards to the
most compliant employees to promote ISPC. Baybutt, P. (December 2003). Cyber security
vulnerability analysis: An asset-based approach. Another process taken to assess the quality was via
the sub. Appendix A Table A5 lists all of the significant determinants of compliance behavior. They
provided a multilevel study design to derive a unified model and test it with three ISP violation
scenarios. Cyber security is a risk factor to the success of social networking sites as a business. It has
been shown that monitoring has substantial effects on an increase in assurance behavior, whereas
employees perceived inconvenience (behaviors difficult to adopt) for the employees has adverse
effects on assurance behavior. In order to be human-readable, please install an RSS reader. World
Congress on Software Engineering (WCSE), Wuhan. The researchers intend to solve this problem
with the help of process management tools and techniques. However, in RP2 the paper specifies an
advantage of. A further limitation is that the quality assessment in the. Ali, R.F.; Dominic, P.D.D.;
Ali, S.E.A.; Rehman, M.; Sohail, A. Acknowledgments The authors would also like to thank the
Department of Computer and Information Sciences, Universiti Teknologi PETRONAS, Malaysia,
for facilitating this research study. Fifth, there is still a need to explore more about actual compliance
than intention. Empirical research methods for software engineering Empirical research methods for
software engineering Ho3313111316 Ho3313111316 A Federated Search Approach to Facilitate
Systematic Literature Review in Sof. Furthermore, this study has systematically reviewed and
analyzed the available literature to gain insights into the components and theories influencing
compliance and noncompliance. He concluded that intrinsic motivations (perceived legitimacy,
perceived value congruence) affect employees’ ISB towards ISPC more significantly than extrinsic
motivations (perceived deterrent certainty, perceived deterrent severity). Abstract— This is a
systematic literature review (SLR) regarding. Third, the variance in the findings of the deterrence
effects in various studies is not because of the methodological choices of behavior measurement
(hypothetical and actual or generic and specific). The information on cyber defense was gathered
from literary.
Having these guidelines that have been made from the. Validity of Instruments, Appropriateness of
Designs and Statistics in Article. The study concluded that deterrence has significant effects on
norms, which substantially influences ISP resistance behavior. Feature papers represent the most
advanced research with significant potential for high impact in the field. A Feature. This study
evaluated differences in organizational commitment and perceived organizational support among
permanent and temporary employees. The research considers computer-based systems which
comprise humans as well as hardware and software. IJET-V2I6P22 IJET-V2I6P22 Critical review of
an ERP post-implementation Article Critical review of an ERP post-implementation Article Next
Gen Clinical Data Sciences Next Gen Clinical Data Sciences Research design decisions and be
competent in the process of reliable data co. A detailed comparison of the existing studies’
limitations is presented in Table 1. 3. Methodology The grounded theory approach has been used for
this systematic literature review. Funding This work was funded by the Department of Computer and
Information Sciences, Universiti Teknologi PETRONAS (UTP) under grant cost center YUTP-FRG
Grant (015LCO-171). The assessment of human behavior is a complicated phenomenon, and several
psychological theories have been proposed to cover different aspects of human behavior. It has been
shown that monitoring has substantial effects on an increase in assurance behavior, whereas
employees perceived inconvenience (behaviors difficult to adopt) for the employees has adverse
effects on assurance behavior. This literature review is an effort to develop a behavioral
transformation process of violation to compliance. Studies on SRS, neutralization, and
noncompliance. Understanding and analyzing information became important for organizations.
Preferred Reporting Items for Systematic Review and Meta-Analysis Protocols (PRISMA-P) 2015:
Elaboration and Explanation The PRISMA-P Explanation and Elaboration document provides full
details about the necessity of each checklist item as well as a model example from an existing
published systematic review protocol. Section 2 describes the related literature and its limitations,
together with the motivation for the current review. Risk Assessment Method of Enterprise
Information System. In Table 7, a detailed analysis of the selected studies provided information
about culture and security-aware behaviors’ effects towards compliance. 4.1.5. Management
Behaviors and Compliance The information security of any organization depends on the
management behaviors towards information security policy implementation. The literature review
has presented a process model that needs to be validated. There are a total of five researchers who
will gather. Cyber security provides a risk, because unpleasant experiences by users will diminish
user. Queries and keywords were developed according to research objectives to search databases
enlisted in Table 2. The results showed that the existing compliance checking approaches are not
enough to solve the problem. Mathematics as two research papers came under the same. The
encryption algorithm includes the Key Expansion module which generates Key for all iterations on
the fly, Double AEStwo-key triple AES, AESX and AES-EXE. The third is that the perpetrator
claims close ties to the organization. However, in the second sub-assessment question, it is. Protection
motivation theory is used to assess protection motivation behaviors. Threat, Asset and Vulnerability
Evaluation) reviews the. Security Risk Assessment Methodology Research: Group.
It is therefore absolutely imperative to take measures to protect and defend information systems by
ensuring their security and non-repudiation. RP15 An Approach to Perform Quantitative Information
Security. Security Risk Assessment Method in Power Production System. Research shows that about
70% of incidents happened due to human negligence (intentional or unintentional). To some extent,
researchers have successfully incorporated behavioral theories in the IS context, but still, many gaps
remain open. Some of the recommendations have been drawn from peer reviewed studies. A Model
of Decision Support System for Research Topic Selection and Plagiaris. Risk Assessment Method
for SCADA Information Security,”. This literature review revealed that few studies are focusing on
actual compliance behavior. 6. Closing Remarks The current literature review has revealed behavioral
factors, concepts, and theories used for ISPC in the last decade. In brief, this systematic literature
review is expected to contribute to the current body of information systems reviews with a novel
behavior transformation process that will help information security researchers and managers to
understand what causes noncompliance and what strategies enhance compliance behaviors. Cyber
security provides a risk, because unpleasant experiences by users will diminish user. Most common
theories used for noncompliance studies. The study combined the principle of ethical climate
constructs with personal norms (subjective, injective, and descriptive) to measure the ISB. NIST,
CRAMM, ISO 27001 and Fuzzy Mathematics) which. These researchers discussed neutralization
and sanctions in detail. The information on cyber defense was gathered from literary. Therefore, it is
crucial to develop a classification of dependability and security models which can meet the
requirement of professionals in both fault-tolerant computing and security community. After
summarizing the results, it was established that US employees have more adaptive behavior towards
security policies and procedures than Irish employees. Eisgruber, L. M. (December, 1973).
Managerial information and decision systems in the U.S.A. These steps’ layout is based on the
previously described factors and their theoretical underpinnings in Section 5.1. 5.1. Theoretical
Implications Law abidance is a practice that varies from region to region and country to country.
Table 1: Total review papers based on inclusion criteria. Rewards (financial and verbal) were found to
have low influence on insiders’ motivation to comply with ISP. Multiple frameworks are available to
assess human intentions towards information security policies, but none of the frameworks can be
used as a standard behavioral process model. Deterrence (punishment severity, the certainty of
detection) and the norms-based research model were tested on 139 employees from ten different
organizations. All studies have shown that this is the most effective form of motivation. The study
concluded that work climates influence neutralization and beliefs differentially. Where to
prospectively register a systematic review more. less. Pieper, D., Rombey, T. (2022). Where to
prospectively register a systematic review. Ali, Rao Faizan, P. D. D. Dominic, Syed Emad Azhar Ali,
Mobashar Rehman, and Abid Sohail. This study further concluded that socially motivated employees
foster an excellent security culture in an organization. The review of scholarly literature is a step
towards the right.
Understanding and analyzing information became important for organizations. This study concluded
that PMT (perceived vulnerability, response efficacy, and response cost) is the best predictor of ISPC
in higher education. RP7 A Model-based Information Security Risk Assessment Method. An
example of a primary literature source is a peer-reviewed research article. The authors concluded that
permanent employees have more positive behavior towards ISP compliance than temporary
employees. TEOREM RP11 Based Enterprise Objective Risk Evaluation. Having the proper
network system to defend against cyber-attacks is necessary. Fear and maladaptive rewards were the
neglected elements that were never tested before. Journal of Otorhinolaryngology, Hearing and
Balance Medicine (JOHBM). The study proposed that SRS causes frustration and fatigue elements
in employees. RP3 Probit-method for information security risk assessment. In this study, an ISP
compliance competence model was presented and analyzed with professional competency
frameworks. Assessment Method Based on CORAS Frame,” in International. The businesses and
organizations pay fees to the social. This paper sets out a programme of work in the area of
dependability. Another process taken to assess the quality was via the sub. Another major constraint
in this systematic review process. The findings revealed that most behavioral theories imply that
compliance with ISP needs specific competencies, but professional frameworks lack the ability to
present those competencies. Compared to software implementation, hardware implementation of
Rijndael algorithm provides more physical security as well as higher speed to electronic data.
Cybersecurity threat could cause the business to loose customer. Based on Rough Sets and Bayesian
Network,” in in Tenth. A summary of the PMB’s selected literature is provided in Table 6. 4.1.4.
Security Culture, Awareness Behaviors and Compliance Organization management enhances
security-aware behaviors of employees, which later guarantee good security culture. In this paper, we
present a new classification of dependability and security models. The results showed that the
existing compliance checking approaches are not enough to solve the problem. The literature
supports the claim that if an employee is motivated to protect assets or have protection motivation
behavior, they will have substantial chances to comply with ISP. Table 3 demonstrates that 2
particular instances (CORAS. They took nine influential variables and tested them with a survey of
433 employees. A total of 55 semi structured interviews were conducted with IT managers and
professionals and a value-driven information security compliance theory was developed. Baybutt, P.
(December 2003). Cyber security vulnerability analysis: An asset-based approach. It has significant
effects on ISP compliant behavior; furthermore, the psychological contract has more significant
effects on manager groups than employees.
All of the seven techniques were considered significant towards ISPC; moreover, all of the
constructs were significant, but self-efficacy was not significant in this study. A PMT-based research
model was proposed with additional experience factors (psychological ownership, organizational
citizenship, security responsibility). There are a total of five researchers who will gather. Since there
is no fully secured communication system for Web-based systems, communication systems rely
heavily on complex and difficult cipher systems. Cipher systems usually consist of two main parts;
Encryption and Decryption to hide and secure both transmitted data and information on long trunks.
Multimedia Signal Processing (IIH-MSP), Kitakyushu, 2014. The framework was based on
Situational Crime Prevention Theory (SCPT) and Social Bond Theory (SBT). The current review will
also help researchers find the transformation activities and noncompliance behavior events to
compliance behavior. PLS used for result analysis. 615 employees from 48 countries. Complex
security-related requirements cause negligence and deliberate volitional behavior. However out of
those 25 initially selected papers, finally 18. A further limitation is that the quality assessment in the.
There is a significant threat of that information being accessed, disrupted, modified, corrupted, or
destroyed illegally by malicious and unauthorized actors. This study concluded that PMT (perceived
vulnerability, response efficacy, and response cost) is the best predictor of ISPC in higher education.
Journal of Legal, Ethical and Regulatory Issues, 17, (2) 1-15. This study further concluded that
socially motivated employees foster an excellent security culture in an organization. Security Issues
and countermeasures on Cloud Computing. His results summed up social, cognitive, and
psychological factors have significant effects on employees’ ISB. Fourth, technology-based solutions
are needed, for example, compliance management systems, compliance support systems, and
compliance reporting systems. Researchers must see how to incorporate technology in this area and
make ISPC more efficient. Johanna Briggs Institute (JBI) Systematic reviews for publication in JBI
Evidence Synthesis can be registered on this site. This paper sets out a programme of work in the
area of dependability. Their result shows that leadership, management, and security awareness
positively affect the ISB of health employees. In contrast, shame, neutralization, and moral beliefs
significantly affect ISP noncompliance across all global cultures. Moreover, they stated that
researchers must use core and full constructs of protection motivation theories in a correct manner
for measuring protection motivation behaviors. This study focused on measuring IT vision conflict
mediation effects on PMT constructs and attitude towards ISP noncompliance. Social behaviors and
compliance studies are thoroughly summarized in Table 9. 4.1.7. Actual Behavior and Compliance
Most ISPC studies evaluated the employees’ intentions, but intention alone is not enough to measure
one’s behavior. Paper should be a substantial original Article that involves several techniques or
approaches, provides an outlook for. Section 4 shows a detailed evaluation of the literature review
results. Information security and risk assessment method identified. The existing studies further
elaborated that employees justify their wrongdoings in several ways. Solution of this problem is
applying cryptography in wireless networks.