Evolution of information security awareness towards maturity: a systematic review


Bibliographic Details
Main Authors: Ahmad, Mohd Ridzam, Osman, Mohd Hafeez, Abdullah, Azizol, Sharif, Khaironi Yatim
Format: Article
Language: English
Published: Insight Society 2024
Online Access: http://psasir.upm.edu.my/id/eprint/118994/
http://psasir.upm.edu.my/id/eprint/118994/1/118994.pdf
Description
Summary: This systematic review provides an in-depth analysis of existing information security awareness (ISA) maturity models. It synthesizes findings from 25 scholarly articles and identifies the dimensions that recur across them: risk management, organizational culture, training programs, policy compliance, and technical measures. Despite the diversity of approaches, significant gaps remain, in particular the absence of models tailored to specific organizational types such as public sector entities. In addition, many models rely on self-reported data and expert opinion, which introduces bias and limits their applicability. The findings underscore the need for organizations to adopt a comprehensive approach to ISA maturity that combines technical controls with behavioral assessment; this holistic view is essential for building ISA maturity frameworks robust enough to address evolving cyber threats. Emphasizing compliance with established standards, such as ISO/IEC 27001, is critical to enhancing ISA across industries. Future research should focus on validating and refining ISA maturity models in diverse contexts and industries, including testing models in different organizational settings to ensure broader applicability and developing frameworks that integrate technical and behavioral dimensions. Sector-specific tailoring, integration of technical and managerial aspects, and rigorous empirical validation are critical for developing more effective and adaptable models. ISA maturity models designed specifically for the public sector are particularly needed, given the unique challenges and responsibilities of those organizations. Using current versions of the ISO/IEC 27000 series of standards provides a robust framework for maintaining high standards of information security awareness and preparedness. © 2024 Insight Society. All rights reserved.