Overview of reviewed articles
| Author | Title | Data collection | Measurement scale |
|---|---|---|---|
| Pollini et al. (2021) | Leveraging human factors in cybersecurity: An integrated methodological approach | SAQ + Interview | HAIS-Q |
| Reeves et al. (2020) | Whose risk is it anyway: How do risk perception and organizational commitment affect employee information security awareness? | SAQ | (HAIS-Q)/Three-Component Organizational Commitment Questionnaire (3C-OCQ)/The Perception of Personal-Risk for InfoSec Threats Scale (PPRITS)/Psychometric Paradigm of InfoSec Threats Scale (PPITS) |
| McCormac et al. (2016) | Individual differences and Information Security Awareness | SAQ | HAIS-Q/The Big Five inventory (BFI)/The Risk Averseness Scale |
| Barlow et al. (2013) | Don’t make excuses! Discouraging neutralization to reduce IT policy violation | Experiment with vignettes | Self-developed scale |
| Merhi and Ahluwalia (2019) | Examining the impact of deterrence factors and norms on resistance to Information Systems Security | SAQ | Self-developed scale |
| Parsons et al. (2014) | Determining employee awareness using the Human Aspects of Information Security Questionnaire (HAIS-Q) | SAQ | HAIS-Q |
| Parsons et al. (2015) | The influence of organizational information security culture on information security decision making | SAQ | HAIS-Q |
| Li et al. (2019) | Investigating the impact of cybersecurity policy awareness on employees’ cybersecurity behavior | SAQ | Self-developed scale |
| Cindana and Ruldeviyani (2018) | Measuring info sec awareness on employee using HAIS-Q case study at XYZ firm | SAQ | HAIS-Q |
| Niemimaa et al. (2013) | Interpreting information security policy outcomes: A frames of reference perspective | Self-assessment interview | Self-developed scale |
| Al-Omari et al. (2012) | Security policy compliance: User acceptance perspective | SAQ | Self-developed scale |
| Kruger et al. (2020) | Acquiring sentiment towards information security policies through affective computing | Affective computing and Sentiment analysis – AI | |
| Gangire et al. (2020) | Information security behavior: Development of a measurement instrument based on the self-determination theory | SAQ | HAIS-Q/SDT (ISCBMSDT) |
| Goo et al. (2014) | A path to successful management of employee security compliance: An empirical study of information security climate | SAQ | Self-developed scale |
| Liu et al. (2020) | Motivating information security policy compliance: The critical role of supervisor-subordinate guanxi and organizational commitment | SAQ | Self-developed scale |
| Kurowski (2019) | Response biases in policy compliance research | SAQ + Self-assessment on vignettes | Self-reporting policy compliance (SRPC) scale, along with the Marlow–Crowne social desirability (MC-SDB) scale |
| Guhr et al. (2018) | The impact of leadership on employees’ intended information security behavior: An examination of the full‐range leadership theory | SAQ | Multifactor Leadership Questionnaire (MLQ) form 5X‐Short |
| Jalali et al. (2020) | Why employees (still) click on phishing links: Investigation in hospitals | SAQ + Clicking data – Phishing campaign | Self-developed scale |
| Ameen et al. (2021) | Keeping customers’ data secure: A cross-cultural study of cybersecurity compliance among the Gen-Mobile workforce | SAQ | Self-developed scale |
| Chen et al. (2021a) | Understanding inconsistent employee compliance with information security policies through the lens of the extended parallel process model | SAQ + Self-assessment on vignettes | Self-developed scale |
| Y. Chen et al. (2021b) | Voluntary and instrumental information security policy compliance: An integrated view of prosocial motivation, self-regulation and deterrence | SAQ | Self-developed scale |
| Author | Title | Data collection | Measurement scale |
|---|---|---|---|
| Leveraging human factors in cybersecurity: An integrated methodological approach | SAQ + Interview | HAIS-Q | |
| Whose risk is it anyway: How do risk perception and organizational commitment affect employee information security awareness? | SAQ | (HAIS-Q)/Three-Component Organizational Commitment Questionnaire (3C-OCQ)/The Perception of Personal-Risk for InfoSec Threats Scale (PPRITS)/Psychometric Paradigm of InfoSec Threats Scale (PPITS) | |
| Individual differences and Information Security Awareness | SAQ | HAIS-Q/The Big Five inventory (BFI)/The Risk Averseness Scale | |
| Don’t make excuses! Discouraging neutralization to reduce IT policy violation | Experiment with vignettes | Self-developed scale | |
| Examining the impact of deterrence factors and norms on resistance to Information Systems Security | SAQ | Self-developed scale | |
| Determining employee awareness using the Human Aspects of Information Security Questionnaire (HAIS-Q) | SAQ | HAIS-Q | |
| The influence of organizational information security culture on information security decision making | SAQ | HAIS-Q | |
| Investigating the impact of cybersecurity policy awareness on employees’ cybersecurity behavior | SAQ | Self-developed scale | |
| Measuring info sec awareness on employee using HAIS-Q case study at XYZ firm | SAQ | HAIS-Q | |
| Interpreting information security policy outcomes: A frames of reference perspective | Self-assessment interview | Self-developed scale | |
| Security policy compliance: User acceptance perspective | SAQ | Self-developed scale | |
| Acquiring sentiment towards information security policies through affective computing | Affective computing and Sentiment analysis – AI | ||
| Information security behavior: Development of a measurement instrument based on the self-determination theory | SAQ | HAIS-Q/SDT (ISCBMSDT) | |
| A path to successful management of employee security compliance: An empirical study of information security climate | SAQ | Self-developed scale | |
| Motivating information security policy compliance: The critical role of supervisor-subordinate guanxi and organizational commitment | SAQ | Self-developed scale | |
| Response biases in policy compliance research | SAQ + Self-assessment on vignettes | Self-reporting policy compliance (SRPC) scale, along with the Marlow–Crowne social desirability (MC-SDB) scale | |
| The impact of leadership on employees’ intended information security behavior: An examination of the full‐range leadership theory | SAQ | Multifactor Leadership Questionnaire (MLQ) form 5X‐Short | |
| Why employees (still) click on phishing links: Investigation in hospitals | SAQ + Clicking data – Phishing campaign | Self-developed scale | |
| Keeping customers’ data secure: A cross-cultural study of cybersecurity compliance among the Gen-Mobile workforce | SAQ | Self-developed scale | |
| Understanding inconsistent employee compliance with information security policies through the lens of the extended parallel process model | SAQ + Self-assessment on vignettes | Self-developed scale | |
| Y. | Voluntary and instrumental information security policy compliance: An integrated view of prosocial motivation, self-regulation and deterrence | SAQ | Self-developed scale |
Sharing content requires targeting cookies to be enabled. Please update your cookie preferences to use this feature.