Information security awareness and behavior: A theory-based literature review

Download statistics - Document (COUNTER):

Lebek, B.; Uffen, J.; Neumann, M.; Hohler, B.; Breitner, M.H.: Information security awareness and behavior: A theory-based literature review. In: Management Research Review 37 (2014), Nr. 12, S. 1049-1092. DOI: https://doi.org/10.1108/MRR-04-2013-0085

Repository version

To cite the version in the repository, please use this identifier: https://doi.org/10.15488/2736

Selected time period:

year: 
month: 

Sum total of downloads: 1,203




Thumbnail
Abstract: 
Purpose – This paper aims to provide an overview of theories used in the field of employees’ information systems (IS) security behavior over the past decade. Research gaps and implications for future research are worked out by analyzing and synthesizing existing literature. Design/methodology/approach – This paper presents the results of a literature review comprising 113 publications. The literature review was designed to identify applied theories and to understand the cognitive determinants in the research field. A meta-model that explains employees’ IS security behavior is introduced by assembling the core constructs of the used theories. Findings – The paper identified 54 used theories, but four behavioral theories were primarily used: Theory of Planned Behavior (TPB), General Deterrence Theory (GDT), Protection Motivation Theory (PMT) and Technology Acceptance Model (TAM). By synthesizing results of empirically tested research models, a survey of factors proven to have a significant influence on employees’ security behavior is presented. Research limitations/implications – Some relevant publications might be missing within this literature review due to the selection of search terms and/or databases. However, by conduction a forward and a backward search, this paper has limited this error source to a minimum. Practical implications – This study presents an overview of determinants that have been proven to influence employees’ behavioral intention. Based thereon, concrete training and awareness measures can be developed. This is valuable for practitioners in the process of designing Security Education, Training and Awareness (SETA) programs. Originality/value – This paper presents a comprehensive up-to-date overview of existing academic literature in the field of employees’ security awareness and behavior research. Based on a developed meta-model, research gaps are identified and implications for future research are worked out. © Emerald Group Publishing Limited.
License of this version: Es gilt deutsches Urheberrecht. Das Dokument darf zum eigenen Gebrauch kostenfrei genutzt, aber nicht im Internet bereitgestellt oder an Außenstehende weitergegeben werden. Dieser Beitrag ist aufgrund einer (DFG-geförderten) Allianz- bzw. Nationallizenz frei zugänglich.
Document Type: article
Publishing status: publishedVersion
Issue Date: 2014
Appears in Collections:Wirtschaftswissenschaftliche Fakultät

distribution of downloads over the selected time period:

downloads by country:

pos. country downloads
total perc.
1 image of flag of Germany Germany 248 20.62%
2 image of flag of United States United States 202 16.79%
3 image of flag of United Kingdom United Kingdom 89 7.40%
4 image of flag of South Africa South Africa 68 5.65%
5 image of flag of Australia Australia 66 5.49%
6 image of flag of Netherlands Netherlands 62 5.15%
7 image of flag of Malaysia Malaysia 42 3.49%
8 image of flag of Singapore Singapore 39 3.24%
9 image of flag of India India 26 2.16%
10 image of flag of Finland Finland 23 1.91%
    other countries 338 28.10%

Further download figures and rankings:


Hinweis

Zur Erhebung der Downloadstatistiken kommen entsprechend dem „COUNTER Code of Practice for e-Resources“ international anerkannte Regeln und Normen zur Anwendung. COUNTER ist eine internationale Non-Profit-Organisation, in der Bibliotheksverbände, Datenbankanbieter und Verlage gemeinsam an Standards zur Erhebung, Speicherung und Verarbeitung von Nutzungsdaten elektronischer Ressourcen arbeiten, welche so Objektivität und Vergleichbarkeit gewährleisten sollen. Es werden hierbei ausschließlich Zugriffe auf die entsprechenden Volltexte ausgewertet, keine Aufrufe der Website an sich.

Search the repository


Browse