Factors Influencing Information Security Policy Compliance Behavior in High Education Institutions: Systematic Literature Review

Abstract

Information security policies and behaviors play a crucial role in organizations, particularly in higher education institutions. These policies outline guidelines and best practices to protect sensitive data, safeguard privacy, and prevent unauthorized access or misuse of information. In higher education institutions, they help secure research findings, intellectual property, and student records. By fostering a culture of security awareness and encouraging responsible behavior, organizations can safeguard their reputation, instill trust, and meet legal and regulatory requirements. This literature review has revealed challenges and highlighted the current trends of information security policy compliance, as well as the theories used for information security compliance from 2013 to 2023. Out of 50 research papers published on the topic of information security policy compliance, three influencing factors were identified through filtration: behavioral intention, awareness and culture, and human with organizational management. The findings show that there is a lack of information security policies in the higher education sector. This review contributes to the information security literature by providing a fully organized systematic review of conducted research in the last decade.