Abstract
ABSTRACT In today’s organizational landscape, safeguarding information against both intentional and unintentional insider threats has become a paramount concern. To address this challenge, organizations formulate Information Security Policies (ISP) aimed at maximizing compliance regarding sensitive data and information. However, confining the analysis solely to compliance falls short, as even a minor fraction of non-compliant individuals can lead to significant organizational vulnerabilities. In such scenarios, it becomes imperative for organizations to delve into the intricacies that influence both ISP compliance and noncompliance. While numerous literature reviews have explored factors contributing to ISP compliance, they often treated compliance and noncompliance as mere opposites, neglecting their nuanced differences and the need for a combined perspective. Our study bridges this gap by conducting a comprehensive review of 50 peer-reviewed articles published between 2014 and 2022. This unique undertaking yields three crucial contributions: First, it elucidates the characteristics distinguishing ISP compliance and noncompliance within business contexts. Second, it provides an encompassing explication of the variables influencing both ISP compliance and noncompliance. Most notably, our review culminates in the development of a unified framework that amalgamates existing insights and charts a path for future inquiry.
Published Version
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call