We review key literature on information security culture that was published in the period during 2003 - 2013. The objective was to identify the frameworks that were proposed to establish and maintain information security culture inside organizations. Moreover, other issues were investigated, such as the appropriate definition, and methodology used in this field of research. The review identified 62 papers that were published in that period (2003-2013) and were focused on information security culture in organizations as a main topic of that paper.
Areej AlHogail and Abdulrahman Mirza. Information security culture: a definition and a literature review. In Computer Applications and Information Systems (WCCAIS), 2014 World Congress On, 1–7. IEEE, 2014.
@inproceedings{alhogail_information_2014,
author = {AlHogail, Areej and Mirza, Abdulrahman},
booktitle = {Computer {{Applications}} and {{Information Systems}} ({{WCCAIS}}), 2014 {{World Congress}} On},
pages = {1--7},
publisher = {{IEEE}},
shorttitle = {Information Security Culture},
title = {Information Security Culture: A Definition and a Literature Review},
year = {2014}
}