عنوان مقاله [English]
Creating an information security culture helps to minimize threats, especially threats caused by humans, in order to protect information, and as a result, it leads to the reduction of data breaches or incidents in organizations. No study has been conducted to identify the components of information security culture in the country so far. Information security culture has been investigated and analyzed using different approaches and based on different theories. The purpose of this article is to review the existing researches in the field of information security culture in order to investigate the knowledge resulted and identify the dimensions and components of the information security culture and integrate the literature in this field.
In order to carry out this systematic review, all the studies conducted in the field of information security culture were extracted from reliable databases using relevant keywords. Finally, 310 related articles from 2000 to 2022 were reviewed. Based on the results of this study and according to the purpose of the research, the components and dimensions of information security culture with different approaches and perspectives were identified and compiled.
The research findings indicate that there is no widely accepted set of dimensions and components. Different researchers have considered different dimensions and components for the information security culture. They have used 3 theories and concepts in their studies. The frequency of theories used in different researches was determined and the most commonly used one is Schein’s organizational culture model. Also the mentioned researches have been carried out in various organizations and industries. There is no industry-specific model or framework provided. Also, most of the proposed models or frameworks are descriptive and have not been evaluated, and in terms of geographical division, the researches were also examined and it was found that most of the researches belong to developing countries