http://dx.doi.org/10.22937/IJCSNS.2022.22.4.37

Identifying Strategies to Address Human Cybersecurity Behavior: A Review Study  

Hakami, Mazen (University of Jeddah, College of Computer Science and Engineering)
Alshaikh, Moneer (University of Jeddah, College of Computer Science and Engineering)
Publication Information
International Journal of Computer Science & Network Security / v.22, no.4, 2022, pp. 299-309
Abstract
The human factor represents a very challenging issue for organizations. It is responsible for many cybersecurity incidents through noncompliance with the organization's security policies. In this paper we conduct a comprehensive review of the literature to identify strategies to address the human factor. Security awareness, training and education programs are the main strategy for addressing the human factor. Scholars have consistently argued for the importance of security awareness in preventing incidents arising from human behavior.
Keywords
Human factor; cybersecurity; security behavior; security awareness
Citations & Related Records
Times Cited By KSCI: 3