This paper aims to pinpoint the variables that impact compliance with organizational information security policies and to determine their significance. A systematic review of empirical studies from existing literature was conducted, with the variables investigated in these studies and their reported effect sizes being extracted and analyzed. Over 60 variables related to security policy compliance and non-compliance were studied across 29 studies. However, no single variable or originating theory stands out as a clear determinant of compliance behavior. Each variable only accounts for a small portion of the variation in people’s behavior, and when a variable has been studied multiple times, the findings often display significant variation.
Critical success factors for security education, training and awareness (SETA) programme effectiveness: an empirical comparison of practitioner perspectives
Cyber security has never been more important than it is today in an ever more connected and pervasive digital world....