{"title":"探索影响信息安全政策合规和违规的因素:系统文献综述","authors":"Balagopal N, Saji K Mathew","doi":"10.1016/j.cose.2024.104062","DOIUrl":null,"url":null,"abstract":"<div><p>Despite advancements in security technology, the prevalence of insider threats has been on the rise in recent years. Organizations implement Information Security Policies (ISPs) that outline the expected security-related behavior and compliance standards for employees. Ensuring and enhancing ISP compliance and reducing violations is crucial for organizations to maintain their security posture. This Systematic Literature Review (SLR) aims to synthesize the existing research on ISP compliance and violations to identify the underlying factors behind employee policy violations and delve into the factors that promote compliance with ISPs. In order to provide a theoretical foundation for understanding these behaviors, this SLR identifies the prominent theories used to explain ISP compliance and violation. A comprehensive search is conducted across different academic databases, applying defined inclusion and exclusion criteria to select the relevant studies between 2012 and 2023. To understand intentional violations, we categorize and analyze studies on ISP violations based on Moral Disengagement, Neutralization and Deterrence, Stress, and Monitoring mechanisms. For ISP compliance, we categorize and analyze studies based on individual-level decision-making and organizational-level factors. We identified forty-seven factors that influence compliance behavior and forty-one factors that determine non-compliance behavior. Fourteen common factors were identified from prior literature, which were determinants of both compliance and violation behaviors, with opposite directions of influence. By considering both compliance and noncompliance simultaneously, organizations can develop more effective strategies for enhancing compliance and mitigating noncompliance.</p></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":null,"pages":null},"PeriodicalIF":4.8000,"publicationDate":"2024-08-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Exploring the factors influencing information security policy compliance and violations: A systematic literature review\",\"authors\":\"Balagopal N, Saji K Mathew\",\"doi\":\"10.1016/j.cose.2024.104062\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><p>Despite advancements in security technology, the prevalence of insider threats has been on the rise in recent years. Organizations implement Information Security Policies (ISPs) that outline the expected security-related behavior and compliance standards for employees. Ensuring and enhancing ISP compliance and reducing violations is crucial for organizations to maintain their security posture. This Systematic Literature Review (SLR) aims to synthesize the existing research on ISP compliance and violations to identify the underlying factors behind employee policy violations and delve into the factors that promote compliance with ISPs. In order to provide a theoretical foundation for understanding these behaviors, this SLR identifies the prominent theories used to explain ISP compliance and violation. A comprehensive search is conducted across different academic databases, applying defined inclusion and exclusion criteria to select the relevant studies between 2012 and 2023. To understand intentional violations, we categorize and analyze studies on ISP violations based on Moral Disengagement, Neutralization and Deterrence, Stress, and Monitoring mechanisms. For ISP compliance, we categorize and analyze studies based on individual-level decision-making and organizational-level factors. We identified forty-seven factors that influence compliance behavior and forty-one factors that determine non-compliance behavior. Fourteen common factors were identified from prior literature, which were determinants of both compliance and violation behaviors, with opposite directions of influence. By considering both compliance and noncompliance simultaneously, organizations can develop more effective strategies for enhancing compliance and mitigating noncompliance.</p></div>\",\"PeriodicalId\":51004,\"journal\":{\"name\":\"Computers & Security\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":4.8000,\"publicationDate\":\"2024-08-24\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Computers & Security\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S0167404824003675\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167404824003675","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
Exploring the factors influencing information security policy compliance and violations: A systematic literature review
Despite advancements in security technology, the prevalence of insider threats has been on the rise in recent years. Organizations implement Information Security Policies (ISPs) that outline the expected security-related behavior and compliance standards for employees. Ensuring and enhancing ISP compliance and reducing violations is crucial for organizations to maintain their security posture. This Systematic Literature Review (SLR) aims to synthesize the existing research on ISP compliance and violations to identify the underlying factors behind employee policy violations and delve into the factors that promote compliance with ISPs. In order to provide a theoretical foundation for understanding these behaviors, this SLR identifies the prominent theories used to explain ISP compliance and violation. A comprehensive search is conducted across different academic databases, applying defined inclusion and exclusion criteria to select the relevant studies between 2012 and 2023. To understand intentional violations, we categorize and analyze studies on ISP violations based on Moral Disengagement, Neutralization and Deterrence, Stress, and Monitoring mechanisms. For ISP compliance, we categorize and analyze studies based on individual-level decision-making and organizational-level factors. We identified forty-seven factors that influence compliance behavior and forty-one factors that determine non-compliance behavior. Fourteen common factors were identified from prior literature, which were determinants of both compliance and violation behaviors, with opposite directions of influence. By considering both compliance and noncompliance simultaneously, organizations can develop more effective strategies for enhancing compliance and mitigating noncompliance.
期刊介绍:
Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world.
Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.