Information Security Culture Dimensions in Information Security Policy Compliance Study: A Review

摘要

The establishment and cultivation of Information Security Culture (ISC) in an organization can promote desired employees’ behavior in adhering to Information Security Policy (ISP). Some factors of ISC have been investigated in ISP compliance studies, however there is no clearindication numbers of ISC dimensions available and how significant these dimensions’ relation to ISP compliance. This paper review and discusses previous works on ISP compliance studies that using ISC factors as ISC dimensions. All founded key factors of ISC concept from ISC literatureare analyzed and compared against ISC dimensions that have been used in ISP compliance studies. The results have shown that there are still many ISC dimensions available to be investigated in ISP compliance study. These findings also confirm that ISP compliance studies based on organizationalISC were not comprehensive enough in terms of its dimensions which led to limitation in providing a convincing conclusion of ISP compliance based on ISC.