The purpose of this paper is to identify variables that influence compliance with information security policies of organizations and to identify how important these variables are. A systematic review of empirical studies described in extant literature is performed. The investigated variables in studies and the effect size reported for them were extracted and analysed. In the 29 studies, more than 60 variables have been studied in relation to security policy compliance and incompliance. Unfortunately, no clear winners can be found among the variables or the theories they are drawn from. Each of the variables only explains a small part of the variation in people’s behaviour and when a variable has been investigated in multiple studies the findings often show a considerable variation.
Research on the effectiveness of cyber security awareness in ICS Risk Assessment Frameworks
Assessing security awareness among users is essential for protecting industrial control systems (ICSs) from social...