Information security culture: A definition and a literature review

Information security culture guides how things are done in organization in regard to information security, with the aim of protecting the information assets and influencing employees´ security behavior. In this paper, we review key literature on information security culture that was published in the period during 2003-2013. The objective was to identify the frameworks that were proposed to establish and maintain information security culture inside organizations. Moreover, other issues were investigated, such as the appropriate definition, and methodology used in this field of research. The review identified 62 papers that were published in that period (2003-2013) were focused on information security culture in organizations as a main topic of that paper. The review draws the attention to the importance of the information security culture and the need for more investigation in the field to provide a comprehensive framework of the establishment of information security culture within organization.