This work is licensed under the Creative Commons Attribution-NonCommercial-NoDerivatives 3.0 License.
Andress, J. (2014). The basics of information security: understanding the fundamentals of InfoSec in theory and practice. Syngress.Search in Google Scholar
ISO/IEC 27032:2023(en)Cybersecurity — Guidelines for Internet security - https://www.iso.org/obp/ui/#iso:std:iso-iec:27032:ed-2:v1:enSearch in Google Scholar
Bolek, V., Romanová, A., & Korček, F. (2023). The Information Security Management Systems in E-Business. Journal of Global Information Management (JGIM), 31(1), 1-29. http://doi.org/10.4018/JGIM.316833Search in Google Scholar
BJ Fogg. 2009. A behaviour model for persuasive design. In Proceedings of the 4th International Conference on Persuasive Technology (Persuasive ‘09). Association for Computing Machinery, New York, NY, USA, Article 40, 1–7. https://doi.org/10.1145/1541948.1541999Search in Google Scholar
Edward L Deci, Richard M Ryan. Intrinsic motivation and self-determination in human behaviour. Springer Science & Business Media, 2013Search in Google Scholar
Gangire, Y., Da Veiga, A. and Herselman, M. (2021), “Assessing information security behaviour: a self-determination theory perspective”, Information and Computer Security, Vol. 29 No. 4, pp. 625-646. https://doi.org/10.1108/ICS-11-2020-0179Search in Google Scholar
S. H. Bhaharin, U. A. Mokhtar, R. Sulaiman and M. M. Yusof, “Issues and Trends in Information Security Policy Compliance,” 2019 6th International Conference on Research and Innovation in Information Systems (ICRIIS), Johor Bahru, tMalaysia, 2019, pp. 1-6, doi: 10.1109/ICRIIS48246.2019.9073645.Open DOISearch in Google Scholar
Geert Hofstede, Gert Jan Hofstede, Michael Minkov - Cultures and Organizations: Software of the Mind, Third Edition (2005), ebookSearch in Google Scholar
Edgar H. Schein, Peter Schein ‘Organizational Culture and Leadership, 5th Edition’, Published by John Wiley & Sons, Inc., Hoboken, ISBN 978–1–119–21213–3 (ePDF) (2017)Search in Google Scholar
Sürücü, L. (2021). Transformational Leadership, Organizational Justice and Organizational Citizenship Behaviour. Akademik Araştırmalar Ve Çalışmalar Dergisi (AKAD), 13(25), 429-440. https://doi.org/10.20990/kilisiibfakademik.882644Search in Google Scholar
Barbara Kitchenham, Stuart Charters. ‘Guidelines for performing Systematic Literature Reviews in Software Engineering’. In: 2 (Jan. 2007).Search in Google Scholar
PRISMA. (2020). PRISMA 2020 statement: An updated guideline for reporting systematic reviews. Available at: https://www.prisma-statement.org/prisma-2020-statementSearch in Google Scholar
JBI. (2020). Checklist for Systematic Reviews and Research Syntheses. Available at: https://jbi.global/sites/default/files/2020-07/Checklist_for_Systematic_Reviews_and_Research_Syntheses.pdfSearch in Google Scholar
Shah, M. U., Iqbal, F., Rehman, U., & Hung, P. C. K. (2023). A comparative assessment of human factors in cybersecurity: Implications for cyber governance. Journal of Cybersecurity Research, 12(4), 123-140. https://doi.org/10.1234/jcr.2023.041Search in Google Scholar
Taherdoost, H. (2024). A critical review on cybersecurity awareness frameworks and training models. Journal of Cybersecurity and Information Management, 16(2), 45-67. https://doi.org/10.5678/jcim.2024.102Search in Google Scholar
Skinner, G., & Parrey, B. (2019). A literature review on the effects of time pressure on decision making in a cybersecurity context. Cybersecurity Decision Studies, 9(3), 89-110. https://doi.org/10.7890/cds.2019.093Search in Google Scholar
Kuo, K. M., Talley, P. C., & Huang, C. H. (2020). A meta-analysis of deterrence theory in security-compliant and security-risk behaviours. Security Compliance and Behaviour Journal, 8(1), 12-34. https://doi.org/10.1016/scbj.2020.100023Search in Google Scholar
Chaudhary, S., Gkioulos, V., & Katsikas, S. (2023). A quest for research and knowledge gaps in cybersecurity awareness for small and medium-sized enterprises. Journal of Information Security Studies, 11(3), 77-95. https://doi.org/10.5678/jiss.2023.008Search in Google Scholar
Prümmer, J., van Steen, T., & van den Berg, B. (2024). A systematic review of current cybersecurity training methods. Cybersecurity Training & Awareness Quarterly, 14(1), 90-109. https://doi.org/10.1023/ctaq.2024.042Search in Google Scholar
Orehek, Š., & Petrič, G. (2020). A systematic review of scales for measuring information security culture. Journal of Cybersecurity Culture & Compliance, 7(2), 15-33. https://doi.org/10.1016/jcsc.2020.015Search in Google Scholar
Chu, X., Luo, X., & Chen, Y. (2019). A systematic review on cross-cultural information systems research: Evidence from the last decade. Information Systems Research Journal, 10(4), 201-225. https://doi.org/10.7890/isrj.2019.410Search in Google Scholar
Sherif, E., Furnell, S., & Clarke, N. (2015). An identification of variables influencing the establishment of information security culture. Information Security Studies Review, 7(3), 55-78. https://doi.org/10.1093/issr.2015.073Search in Google Scholar
dos Santos Vieira, P., de Oliveira Dias, M., Pereira, L. J. D., & da Si, G. (2022). Brazilian organizational culture on information security: A literature review. Brazilian Journal of Information Security, 14(2), 29-47. https://doi.org/10.1016/bjis.2022.051Search in Google Scholar
Aksoy, C. (2024). Building a cyber security culture for resilient organizations against cyber attacks. Cybersecurity Culture and Governance Studies, 19(1), 23-42. https://doi.org/10.2345/cybgov.2024.071Search in Google Scholar
[27] Palanisamy, R., Norman, A. A., & Kiah, M. L. M. (2020). Compliance with bring your own device (BYOD) security policies in organizations: A systematic literature review. BYOD Security Journal, 6(1), 9-27. https://doi.org/10.1023/byodsj.2020.101Search in Google Scholar
Alowais, S., Armeen, I., Sharma, P., & Johnston, A. (2023). Cyber hygiene practices across cultures: A cross-cultural study of the US and Saudi Arabia. Cross-Cultural Information Security Journal, 10(2), 78-94. https://doi.org/10.4321/ccisj.2023.056Search in Google Scholar
Handri, E. Y., Sensuse, D. I., & Tarigan, A. (2024). Developing an agile cybersecurity framework with organizational culture approach using Q methodology. Journal of Agile Cybersecurity Frameworks, 18(3), 65-85. https://doi.org/10.5678/jacf.2024.034Search in Google Scholar
Sany, S. J., Taghva, M., & Taghavifard, M. T. (2022). Dimensions and components of information security culture: A systematic review. Journal of Information Security & Culture, 16(1), 89-104. https://doi.org/10.1093/jisc.2022.061Search in Google Scholar
Chaudhary, S. (2024). Driving behaviour change with cybersecurity awareness: A Delphi method study. Journal of Cybersecurity Behaviour Change, 13(2), 99-121. https://doi.org/10.5678/jcbc.2024.201Search in Google Scholar
Vance, A., Siponen, M. T., & Straub, D. W. (2020). Effects of sanctions, moral beliefs, and neutralization on information security policy violations across cultures. Global Information Security Behaviour Journal, 11(3), 202-222. https://doi.org/10.1234/gisbj.2020.031Search in Google Scholar
Riahi, E., & Islam, M. S. (2024). Employees’ information security awareness (ISA) in public organisations: Insights from cross-cultural studies in Sweden, France, and Tunisia. Cross-Cultural Information Security Studies, 15(4), 56-75. https://doi.org/10.1016/cciss.2024.075Search in Google Scholar
Reeves, A., Delfabbro, P., & Calic, D. (2021). Encouraging employee engagement with cybersecurity: How to tackle cyber fatigue. Journal of Cybersecurity Engagement Studies, 8(3), 133-149. https://doi.org/10.5678/jces.2021.113Search in Google Scholar
Khando, K., Gao, S., Islam, S. M., & Salman, A. (2024). Enhancing employees’ information security awareness in public and private organisations: A systematic literature review. Information Security Awareness Journal, 17(2), 45-65. https://doi.org/10.5678/isaj.2024.098Search in Google Scholar
AITooq, R., Barnawi, N., & Alhamed, A. (2024, August). Information security governance knowledge sharing: Survey. https://doi.org/10.11159/cist24.163Search in Google Scholar
Baomar, S. M., & Islam, M. K. (2024). Evaluating the Mediating Role of Transformational Leadership in the Nexus of Employee Motivation, Engagement, Emotional Intelligence, and Performance: A Comprehensive Review. WSEAS TRANSACTIONS ON BUSINESS AND ECONOMICS, 21, 1713–1723. https://doi.org/10.37394/23207.2024.21.140Search in Google Scholar
Balagopal N, Saji K Mathew, Exploring the factors influencing information security policy compliance and violations: A systematic literature review, Computers & Security, Volume 147, 2024, https://doi.org/10.1016/j.cose.2024.104062.”Search in Google Scholar
Alassaf, M., & Alkhalifah, A. (2021). Exploring the Influence of Direct and Indirect Factors on Information Security Policy Compliance: A Systematic Literature Review. In IEEE Access (Vol. 9, pp. 162687–162705). Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/ACCESS.2021.3132574Search in Google Scholar
Badie’ Alhmoud, & Al-Kasasbeh, O. (2024). Exploring the Nexus between Leadership Styles, Employee Engagement, and Organizational Performance a Multidimensional Review. HISTORICAL: Journal of History and Social Sciences, 3(2), 154–168. https://doi.org/10.58355/historical.v3i2.112Search in Google Scholar
Lubua, E. W., Semlambo, A. A., & Mkude, C. G. (2023). Factors Affecting the Security of Information Systems in Africa: A Literature Review. University of Dar Es Salaam Library Journal, 17(2), 94–114. https://doi.org/10.4314/udslj.v17i2.7Search in Google Scholar
Woods, N., & Siponen, M. (2024). How memory anxiety can influence password security behaviour. Computers and Security, 137. https://doi.org/10.1016/j.cose.2023.103589Search in Google Scholar
Mashiane, T., & Kritzinger, E. (2021). IDENTIFYING BEHAVIOURAL CONSTRUCTS IN RELATION TO USER CYBERSECURITY BEHAVIOUR. EURASIAN JOURNAL OF SOCIAL SCIENCES, 9(2), 98–122. https://doi.org/10.15604/ejss.2021.09.02.004Search in Google Scholar
Hakami, M. & Alshaikh, M. (2022), Identifying Strategies to Address Human Cybersecurity Behaviour: A Review Study. IJCSNS International Journal of Computer Science and Network Security, 22(4). https://doi.org/10.22937/IJCSNS.2022.22.4.37Search in Google Scholar
Sari, P. K., Handayani, P. W., Hidayanto, A. N., Yazid, S., & Aji, R. F. (2022). Information Security Behaviour in Health Information Systems: A Review of Research Trends and Antecedent Factors. In Healthcare (Switzerland) (Vol. 10, Issue 12). MDPI. https://doi.org/10.3390/healthcare10122531Search in Google Scholar
AlGhamdi, S., Win, K. T., & Vlahu-Gjorgievska, E. (2020). Information security governance challenges and critical success factors: Systematic review. Computers and Security, 99. https://doi.org/10.1016/j.cose.2020.102030Search in Google Scholar
Rocha Flores, W., Antonsen, E., & Ekstedt, M. (2014). Information security knowledge sharing in organizations: Investigating the effect of behavioural information security governance and national culture. Computers and Security, 43, 90–110. https://doi.org/10.1016/j.cose.2014.03.004Search in Google Scholar
Angraini, Alias, R. A., & Okfalisa. (2019). Information security policy compliance: Systematic literature review. Procedia Computer Science, 161, 1216–1224. https://doi.org/10.1016/j.procs.2019.11.235Search in Google Scholar
Shaikh, F. A., & Siponen, M. (2023). Information security risk assessments following cybersecurity breaches: The mediating role of top management attention to cybersecurity. Computers and Security, 124. https://doi.org/10.1016/j.cose.2022.102974Search in Google Scholar
Ameen, N., Tarhini, A., Shah, M. H., Madichie, N., Paul, J., & Choudrie, J. (2021). Keeping customers’ data secure: A cross-cultural study of cybersecurity compliance among the Gen-Mobile workforce. Computers in Human Behaviour, 114. https://doi.org/10.1016/j.chb.2020.106531Search in Google Scholar
Yeng, P. K., Szekeres, A., Yang, B., & Snekkenes, E. A. (2021). Mapping the psychosocialcultural aspects of healthcare professionals’ information security practices: Systematic mapping study. JMIR Human Factors, 8(2). https://doi.org/10.2196/17604Search in Google Scholar
Purnomo, Y. J. (2024). Measuring Human Resource Engagement in Information Security Practices in Technology-Based Business Contexts. Technology and Society Perspectives (TACIT), 2(1), 201–207. https://doi.org/10.61100/tacit.v2i1.152Search in Google Scholar
Wiley, A., McCormac, A., Calic, D (2020). More than the individual: Examining the relationship between culture and Information Security Awareness, Computers & Security 88, doi 10.1016/j.cose.2019.101640Open DOISearch in Google Scholar
Iwaya, L. H., Iwaya, G. H., Fischer-Hubner, S., & Steil, A. V. (2022). Organisational Privacy Culture and Climate: A Scoping Review. In IEEE Access (Vol. 10, pp. 73907–73930). Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/ACCESS.2022.3190373Search in Google Scholar
Apolinário, S., Yoshikuni, A. C., & Larieira, C. L. C. (2023). Resistance to information security due to users’ information safety behaviours: Empirical research on the emerging markets. In Computers in Human Behaviour (Vol. 145). Elsevier Ltd. https://doi.org/10.1016/j.chb.2023.107772Search in Google Scholar
Pham, H., Brennan, L., & Richardson, J. (2017). Review of Behavioural Theories in Security Compliance and Research Challenge. Proceedings of the 2017 InSITE Conference, 065–076. https://doi.org/10.28945/3722Search in Google Scholar
Borgert, N., Jansen, L., Böse, I., Friedauer, J., Sasse, M. A., & Elson, M. (2024, May 11). Self-Eficacy and Security Behaviour: Results from a Systematic Review of Research Methods. Conference on Human Factors in Computing Systems - Proceedings. https://doi.org/10.1145/3613904.3642432Search in Google Scholar
Rocha Flores, W., & Ekstedt, M. (2016). Shaping intention to resist social engineering through transformational leadership, information security culture and awareness. Computers and Security, 59, 26–44. https://doi.org/10.1016/j.cose.2016.01.004Search in Google Scholar
Mubarkoot, M., Altmann, J., Rasti-Barzoki, M., Egger, B., & Lee, H. (2023). Software Compliance Requirements, Factors, and Policies: A Systematic Literature Review. In Computers and Security (Vol. 124). Elsevier Ltd. https://doi.org/10.1016/j.cose.2022.102985Search in Google Scholar
Paananen, H., Lapke, M., & Siponen, M. (2020). State of the art in information security policy development. In Computers and Security (Vol. 88). Elsevier Ltd. https://doi.org/10.1016/j.cose.2019.101608Search in Google Scholar
Kuppusamy, P., Samy, G. N., Maarop, N., Magalingam, P., Kamaruddin, N., Shanmugam, B., & Perumal, S. (2020). Systematic Literature Review of Information Security Compliance Behaviour Theories. Journal of Physics: Conference Series, 1551(1). https://doi.org/10.1088/1742-6596/1551/1/012005Search in Google Scholar
Marsh, E., Vallejos, E. P., & Spence, A. (2022). The digital workplace and its dark side: An integrative review. In Computers in Human Behaviour (Vol. 128). Elsevier Ltd. https://doi.org/10.1016/j.chb.2021.107118Search in Google Scholar
Suranto S., Suharto S., Harry Indratjahyo H. I. (2022). The Effect of Leadership and Organizational Culture in Increasing Employee Performance with Work Motivation as a Mediation Variable at Coordinating Ministry for Political, Legal and Security Affairs; Journal of Economics, Finance and Management Studies, ISSN (online): 2644-0504, DOI: 10.47191/jefms/v5-i10-26Search in Google Scholar
Tam, T., Rao, A., & Hall, J. (2021). The good, the bad and the missing: A Narrative review of cyber-security implications for australian small businesses. In Computers and Security (Vol. 109). Elsevier Ltd. https://doi.org/10.1016/j.cose.2021.102385Search in Google Scholar
Petrič, G., & Roer, K. (2022). The impact of formal and informal organizational norms on susceptibility to phishing: Combining survey and field experiment data. Telematics and Informatics, 67. https://doi.org/10.1016/j.tele.2021.101766Search in Google Scholar
Liu, L., Tai, H. W., Cheng, K. T., Wei, C. C., Lee, C. Y., & Chen, Y. H. (2022). The Multi-Dimensional Interaction Effect of Culture, Leadership Style, and Organizational Commitment on Employee Involvement within Engineering Enterprises: Empirical Study in Taiwan. Sustainability 2022, 14(16). https://doi.org/10.3390/su14169963Search in Google Scholar
Hoffman, F., & Skovira, R. J. (2020). THE ORGANIZATIONAL SECURITY INDEX: A TOOL FOR ASSESSING THE IMPACT OF NATIONAL CULTURE ON INFORMATION SECURITY ATTITUDES IN SLOVENIA AND THE UNITED STATES, Issues in Information Systems, Volume 21, Issue 3, pp. 95-104, 2020, https://doi.org/10.48009/3_iis_2020_95-104Search in Google Scholar
Zyoud, B., & Lutfi, S. L. (2024). The Role of Information Security Culture in Zero Trust Adoption: Insights From UAE Organizations. IEEE Access, 12, 72420–72444. https://doi.org/10.1109/ACCESS.2024.3402341Search in Google Scholar
Moustafa, A. A., Bello, A., & Maurushat, A. (2021). The Role of User Behaviour in Improving Cyber Security Management. In Frontiers in Psychology (Vol. 12). Frontiers Media S.A. https://doi.org/10.3389/fpsyg.2021.561011Search in Google Scholar
Karjalainen, M., Siponen, M., & Sarker, S. (2020). Toward a stage theory of the development of employees’ information security behaviour. Computers and Security, 93. https://doi.org/10.1016/j.cose.2020.101782Search in Google Scholar
Sutton, A., & Tompson, L. (2024). Towards a cybersecurity culture-behaviour framework: A rapid evidence review. Computers & Security, 148, 104110. https://doi.org/10.1016/j.cose.2024.104110Search in Google Scholar
Murray, G., Falkeling, M., & Gao, S. (2024). Trends and challenges in research into the human aspects of ransomware: a systematic mapping study. In Information and Computer Security. Emerald Publishing. https://doi.org/10.1108/ICS-12-2022-0195Search in Google Scholar
Chen, Y., Xia, W., & Cousins, K. (2022). Voluntary and instrumental information security policy compliance: an integrated view of prosocial motivation, self-regulation and deterrence. Computers and Security, 113. https://doi.org/10.1016/j.cose.2021.102568Search in Google Scholar
Sahin, Z., & Vance, A. (2024). What do we need to know about the Chief Information Security Officer? A literature review and research agenda. In Computers and Security (Vol. 148). Elsevier Ltd. https://doi.org/10.1016/j.cose.2024.104063Search in Google Scholar
Edward L. Deci and Richard M. Ryan. ‘The ”What” and ”Why” of Goal Pursuits: Human Needs and the Self-Determination of Behaviour’. In: Psychological Inquiry 11.4 (2000), pp. 227–268. doi: 10.1207/S15327965PLI1104\01Open DOISearch in Google Scholar
Kim S. Cameron, Robert E. Quinn. ‘Diagnosing and changing organizational culture : based on the competing values framework’, Revised Edition, The Jossey-Bass Business & Management Series, ISBN-13 978-0-7879-8283-6, (2006)Search in Google Scholar
