Information security awareness and behavior: A theory-based literature review

Show simple item record

dc.identifier.uri http://dx.doi.org/10.15488/2736
dc.identifier.uri http://www.repo.uni-hannover.de/handle/123456789/2762
dc.contributor.author Lebek, Benedikt
dc.contributor.author Uffen, Jörg
dc.contributor.author Neumann, Markus
dc.contributor.author Hohler, Bernd
dc.contributor.author Breitner, Michael H.
dc.date.accessioned 2018-02-09T09:27:52Z
dc.date.available 2018-02-09T09:27:52Z
dc.date.issued 2014
dc.identifier.citation Lebek, B.; Uffen, J.; Neumann, M.; Hohler, B.; Breitner, M.H.: Information security awareness and behavior: A theory-based literature review. In: Management Research Review 37 (2014), Nr. 12, S. 1049-1092. DOI: https://doi.org/10.1108/MRR-04-2013-0085
dc.description.abstract Purpose – This paper aims to provide an overview of theories used in the field of employees’ information systems (IS) security behavior over the past decade. Research gaps and implications for future research are worked out by analyzing and synthesizing existing literature. Design/methodology/approach – This paper presents the results of a literature review comprising 113 publications. The literature review was designed to identify applied theories and to understand the cognitive determinants in the research field. A meta-model that explains employees’ IS security behavior is introduced by assembling the core constructs of the used theories. Findings – The paper identified 54 used theories, but four behavioral theories were primarily used: Theory of Planned Behavior (TPB), General Deterrence Theory (GDT), Protection Motivation Theory (PMT) and Technology Acceptance Model (TAM). By synthesizing results of empirically tested research models, a survey of factors proven to have a significant influence on employees’ security behavior is presented. Research limitations/implications – Some relevant publications might be missing within this literature review due to the selection of search terms and/or databases. However, by conduction a forward and a backward search, this paper has limited this error source to a minimum. Practical implications – This study presents an overview of determinants that have been proven to influence employees’ behavioral intention. Based thereon, concrete training and awareness measures can be developed. This is valuable for practitioners in the process of designing Security Education, Training and Awareness (SETA) programs. Originality/value – This paper presents a comprehensive up-to-date overview of existing academic literature in the field of employees’ security awareness and behavior research. Based on a developed meta-model, research gaps are identified and implications for future research are worked out. © Emerald Group Publishing Limited. eng
dc.language.iso eng
dc.publisher Bingley : Emerald Group Publishing Ltd.
dc.relation.ispartofseries Management Research Review 37 (2014), Nr. 12
dc.rights Es gilt deutsches Urheberrecht. Das Dokument darf zum eigenen Gebrauch kostenfrei genutzt, aber nicht im Internet bereitgestellt oder an Außenstehende weitergegeben werden. Dieser Beitrag ist aufgrund einer (DFG-geförderten) Allianz- bzw. Nationallizenz frei zugänglich.
dc.subject Behavioral theories eng
dc.subject GDT eng
dc.subject PMT eng
dc.subject Security awareness eng
dc.subject Security behavior eng
dc.subject TAM eng
dc.subject TPB eng
dc.subject.ddc 330 | Wirtschaft ger
dc.title Information security awareness and behavior: A theory-based literature review
dc.type article
dc.type Text
dc.relation.issn 2040-8269
dc.relation.doi https://doi.org/10.1108/MRR-04-2013-0085
dc.bibliographicCitation.issue 12
dc.bibliographicCitation.volume 37
dc.bibliographicCitation.firstPage 1049
dc.bibliographicCitation.lastPage 1092
dc.description.version publishedVersion
tib.accessRights frei zug�nglich


Files in this item

This item appears in the following Collection(s):

Show simple item record

 

Search the repository


Browse

My Account

Usage Statistics