{"id":"https://openalex.org/W3117711216","doi":"https://doi.org/10.1108/ics-12-2019-0140","title":"A systematic review of scales for measuring information security culture","display_name":"A systematic review of scales for measuring information security culture","publication_year":2020,"publication_date":"2020-12-04","ids":{"openalex":"https://openalex.org/W3117711216","doi":"https://doi.org/10.1108/ics-12-2019-0140","mag":"3117711216"},"language":"en","primary_location":{"id":"doi:10.1108/ics-12-2019-0140","is_oa":true,"landing_page_url":"https://doi.org/10.1108/ics-12-2019-0140","pdf_url":"https://www.emerald.com/insight/content/doi/10.1108/ICS-12-2019-0140/full/pdf?title=a-systematic-review-of-scales-for-measuring-information-security-culture","source":{"id":"https://openalex.org/S4210195545","display_name":"Information and Computer Security","issn_l":"2056-4961","issn":["2056-4961","2056-497X"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319811","host_organization_name":"Emerald Publishing Limited","host_organization_lineage":["https://openalex.org/P4310319811"],"host_organization_lineage_names":["Emerald Publishing Limited"],"type":"journal"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Information & Computer Security","raw_type":"journal-article"},"type":"review","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://www.emerald.com/insight/content/doi/10.1108/ICS-12-2019-0140/full/pdf?title=a-systematic-review-of-scales-for-measuring-information-security-culture","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5075316810","display_name":"\u0160pela Orehek","orcid":"https://orcid.org/0000-0003-2239-3848"},"institutions":[{"id":"https://openalex.org/I153976015","display_name":"University of Ljubljana","ror":"https://ror.org/05njb9z20","country_code":"SI","type":"education","lineage":["https://openalex.org/I153976015"]}],"countries":["SI"],"is_corresponding":false,"raw_author_name":"\u0160pela Orehek","raw_affiliation_strings":["Faculty of Social Sciences, Center for Methodology and Informatics, University of Ljubljana, Ljubljana, Slovenia"],"affiliations":[{"raw_affiliation_string":"Faculty of Social Sciences, Center for Methodology and Informatics, University of Ljubljana, Ljubljana, Slovenia","institution_ids":["https://openalex.org/I153976015"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5078624786","display_name":"Gregor Petri\u010d","orcid":"https://orcid.org/0000-0001-5975-5318"},"institutions":[{"id":"https://openalex.org/I153976015","display_name":"University of Ljubljana","ror":"https://ror.org/05njb9z20","country_code":"SI","type":"education","lineage":["https://openalex.org/I153976015"]}],"countries":["SI"],"is_corresponding":true,"raw_author_name":"Gregor Petri\u010d","raw_affiliation_strings":["Faculty of Social Sciences, Center for Methodology and Informatics, University of Ljubljana, Ljubljana, Slovenia"],"affiliations":[{"raw_affiliation_string":"Faculty of Social Sciences, Center for Methodology and Informatics, University of Ljubljana, Ljubljana, Slovenia","institution_ids":["https://openalex.org/I153976015"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5078624786"],"corresponding_institution_ids":["https://openalex.org/I153976015"],"apc_list":null,"apc_paid":null,"fwci":4.4508,"has_fulltext":true,"cited_by_count":34,"citation_normalized_percentile":{"value":0.95288946,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":94,"max":99},"biblio":{"volume":"29","issue":"1","first_page":"133","last_page":"158"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9955000281333923,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9240000247955322,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/operationalization","display_name":"Operationalization","score":0.8607487678527832},{"id":"https://openalex.org/keywords/scale","display_name":"Scale (ratio)","score":0.5499826669692993},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.5338925719261169},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.5291200876235962},{"id":"https://openalex.org/keywords/standard-of-good-practice","display_name":"Standard of Good Practice","score":0.5204092264175415},{"id":"https://openalex.org/keywords/discriminant-validity","display_name":"Discriminant validity","score":0.5104998350143433},{"id":"https://openalex.org/keywords/grasp","display_name":"GRASP","score":0.5038580298423767},{"id":"https://openalex.org/keywords/face-validity","display_name":"Face validity","score":0.48555466532707214},{"id":"https://openalex.org/keywords/documentation","display_name":"Documentation","score":0.4425325095653534},{"id":"https://openalex.org/keywords/content-validity","display_name":"Content validity","score":0.43696293234825134},{"id":"https://openalex.org/keywords/knowledge-management","display_name":"Knowledge management","score":0.4331343173980713},{"id":"https://openalex.org/keywords/data-science","display_name":"Data science","score":0.42944014072418213},{"id":"https://openalex.org/keywords/management-science","display_name":"Management science","score":0.35521531105041504},{"id":"https://openalex.org/keywords/psychology","display_name":"Psychology","score":0.30949288606643677},{"id":"https://openalex.org/keywords/psychometrics","display_name":"Psychometrics","score":0.2234083116054535},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.19748800992965698},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.09145832061767578},{"id":"https://openalex.org/keywords/epistemology","display_name":"Epistemology","score":0.0845407247543335}],"concepts":[{"id":"https://openalex.org/C9354725","wikidata":"https://www.wikidata.org/wiki/Q286017","display_name":"Operationalization","level":2,"score":0.8607487678527832},{"id":"https://openalex.org/C2778755073","wikidata":"https://www.wikidata.org/wiki/Q10858537","display_name":"Scale (ratio)","level":2,"score":0.5499826669692993},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.5338925719261169},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5291200876235962},{"id":"https://openalex.org/C47309137","wikidata":"https://www.wikidata.org/wiki/Q7598357","display_name":"Standard of Good Practice","level":5,"score":0.5204092264175415},{"id":"https://openalex.org/C120107772","wikidata":"https://www.wikidata.org/wiki/Q168554","display_name":"Discriminant validity","level":4,"score":0.5104998350143433},{"id":"https://openalex.org/C171268870","wikidata":"https://www.wikidata.org/wiki/Q1486676","display_name":"GRASP","level":2,"score":0.5038580298423767},{"id":"https://openalex.org/C33191230","wikidata":"https://www.wikidata.org/wiki/Q3737383","display_name":"Face validity","level":3,"score":0.48555466532707214},{"id":"https://openalex.org/C56666940","wikidata":"https://www.wikidata.org/wiki/Q788790","display_name":"Documentation","level":2,"score":0.4425325095653534},{"id":"https://openalex.org/C58916136","wikidata":"https://www.wikidata.org/wiki/Q1663508","display_name":"Content validity","level":3,"score":0.43696293234825134},{"id":"https://openalex.org/C56739046","wikidata":"https://www.wikidata.org/wiki/Q192060","display_name":"Knowledge management","level":1,"score":0.4331343173980713},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.42944014072418213},{"id":"https://openalex.org/C539667460","wikidata":"https://www.wikidata.org/wiki/Q2414942","display_name":"Management science","level":1,"score":0.35521531105041504},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.30949288606643677},{"id":"https://openalex.org/C171606756","wikidata":"https://www.wikidata.org/wiki/Q506132","display_name":"Psychometrics","level":2,"score":0.2234083116054535},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.19748800992965698},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.09145832061767578},{"id":"https://openalex.org/C111472728","wikidata":"https://www.wikidata.org/wiki/Q9471","display_name":"Epistemology","level":1,"score":0.0845407247543335},{"id":"https://openalex.org/C70410870","wikidata":"https://www.wikidata.org/wiki/Q199906","display_name":"Clinical psychology","level":1,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.0},{"id":"https://openalex.org/C62520636","wikidata":"https://www.wikidata.org/wiki/Q944","display_name":"Quantum mechanics","level":1,"score":0.0},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C3018868096","wikidata":"https://www.wikidata.org/wiki/Q2693233","display_name":"Internal consistency","level":3,"score":0.0},{"id":"https://openalex.org/C117110713","wikidata":"https://www.wikidata.org/wiki/Q3394676","display_name":"Network security policy","level":4,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1108/ics-12-2019-0140","is_oa":true,"landing_page_url":"https://doi.org/10.1108/ics-12-2019-0140","pdf_url":"https://www.emerald.com/insight/content/doi/10.1108/ICS-12-2019-0140/full/pdf?title=a-systematic-review-of-scales-for-measuring-information-security-culture","source":{"id":"https://openalex.org/S4210195545","display_name":"Information and Computer Security","issn_l":"2056-4961","issn":["2056-4961","2056-497X"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319811","host_organization_name":"Emerald Publishing Limited","host_organization_lineage":["https://openalex.org/P4310319811"],"host_organization_lineage_names":["Emerald Publishing Limited"],"type":"journal"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Information & Computer Security","raw_type":"journal-article"},{"id":"pmh:oai:repozitorij.uni-lj.si:IzpisGradiva.php?id=124723","is_oa":true,"landing_page_url":"https://repozitorij.uni-lj.si/IzpisGradiva.php?id=124723","pdf_url":null,"source":{"id":"https://openalex.org/S4377196268","display_name":"Repository of the University of Ljubljana (University of Ljubljana)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I153976015","host_organization_name":"University of Ljubljana","host_organization_lineage":["https://openalex.org/I153976015"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Information and computer security, vol. 29, no. 1, pp. 133-158, 2021.","raw_type":"info:eu-repo/semantics/article"}],"best_oa_location":{"id":"doi:10.1108/ics-12-2019-0140","is_oa":true,"landing_page_url":"https://doi.org/10.1108/ics-12-2019-0140","pdf_url":"https://www.emerald.com/insight/content/doi/10.1108/ICS-12-2019-0140/full/pdf?title=a-systematic-review-of-scales-for-measuring-information-security-culture","source":{"id":"https://openalex.org/S4210195545","display_name":"Information and Computer Security","issn_l":"2056-4961","issn":["2056-4961","2056-497X"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319811","host_organization_name":"Emerald Publishing Limited","host_organization_lineage":["https://openalex.org/P4310319811"],"host_organization_lineage_names":["Emerald Publishing Limited"],"type":"journal"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Information & Computer Security","raw_type":"journal-article"},"sustainable_development_goals":[{"score":0.550000011920929,"id":"https://metadata.un.org/sdg/10","display_name":"Reduced inequalities"}],"awards":[],"funders":[],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W3117711216.pdf","grobid_xml":"https://content.openalex.org/works/W3117711216.grobid-xml"},"referenced_works_count":53,"referenced_works":["https://openalex.org/W827729370","https://openalex.org/W1494928303","https://openalex.org/W1636536540","https://openalex.org/W1982884571","https://openalex.org/W1987258130","https://openalex.org/W1989210507","https://openalex.org/W1992342542","https://openalex.org/W2005501262","https://openalex.org/W2008556210","https://openalex.org/W2025451090","https://openalex.org/W2029699977","https://openalex.org/W2041822614","https://openalex.org/W2049214960","https://openalex.org/W2071051448","https://openalex.org/W2076538849","https://openalex.org/W2082765746","https://openalex.org/W2088489410","https://openalex.org/W2096409691","https://openalex.org/W2096812562","https://openalex.org/W2111072418","https://openalex.org/W2117332204","https://openalex.org/W2118769530","https://openalex.org/W2124431800","https://openalex.org/W2125608113","https://openalex.org/W2129748849","https://openalex.org/W2161666067","https://openalex.org/W2183877827","https://openalex.org/W2187120365","https://openalex.org/W2240156084","https://openalex.org/W2256804265","https://openalex.org/W2293106360","https://openalex.org/W2300663785","https://openalex.org/W2315364228","https://openalex.org/W2337005109","https://openalex.org/W2340721291","https://openalex.org/W2513235682","https://openalex.org/W2565717183","https://openalex.org/W2572055967","https://openalex.org/W2612808361","https://openalex.org/W2624860278","https://openalex.org/W2786705330","https://openalex.org/W2889870589","https://openalex.org/W2895033590","https://openalex.org/W2896123190","https://openalex.org/W2904802541","https://openalex.org/W2906412805","https://openalex.org/W2907462893","https://openalex.org/W2916190332","https://openalex.org/W3022903699","https://openalex.org/W4235678817","https://openalex.org/W4392260510","https://openalex.org/W6609183171","https://openalex.org/W6617431700"],"related_works":["https://openalex.org/W3159188987","https://openalex.org/W2790710188","https://openalex.org/W3209620787","https://openalex.org/W4200241406","https://openalex.org/W2950601162","https://openalex.org/W4387670520","https://openalex.org/W2765724788","https://openalex.org/W2896096690","https://openalex.org/W2032028652","https://openalex.org/W3039243935"],"abstract_inverted_index":{"Purpose":[0],"The":[1,149,355],"concept":[2,243],"of":[3,48,62,78,96,106,128,135,144,158,169,179,186,189,204,214,235,241,244,266,268,279,285,302,312,320,335,348,351,368],"information":[4,35,70,97,107,159,227,245,269,303,352,369],"security":[5,36,71,98,108,160,228,246,270,304,353,370],"culture,":[6],"which":[7,121,156],"recently":[8],"gained":[9],"increased":[10],"attention,":[11],"aims":[12,55],"to":[13,31,56,68,74,103,116,132,200,230,251,298,316,364],"comprehensively":[14],"grasp":[15],"socio-cultural":[16],"mechanisms":[17],"that":[18,65,87,152,167,296,331,343],"have":[19,28,357],"an":[20,60,93,321],"impact":[21],"on":[22,125,222,237,253],"organizational":[23],"security.":[24],"Different":[25],"measurement":[26,323],"instruments":[27],"been":[29],"developed":[30],"measure":[32,69],"and":[33,45,58,73,82,138,142,166,208,211,259,281,291],"assess":[34,299],"culture":[37,72,99,161,305],"using":[38],"survey-based":[39,366],"tools.":[40],"However,":[41,325],"the":[42,63,76,126,133,139,145,153,170,174,180,187,202,215,223,238,242,264,277,286,300,310,318,340],"content,":[43],"breadth":[44],"face":[46],"validity":[47,141,210,265],"these":[49],"scales":[50,64,105,157,171,267,330,350],"vary":[51],"greatly.":[52],"This":[53,338],"study":[54,342],"identify":[57,117],"provide":[59,182,332],"overview":[61],"are":[66,162],"used":[67],"evaluate":[75,104],"rigor":[77,134,154],"reported":[79,136,140],"scale":[80,95],"development":[81],"validation":[83,188],"procedures.":[84],"Design/methodology/approach":[85],"Papers":[86],"introduce":[88],"a":[89,232,345],"new":[90],"or":[91],"adapt":[92],"existing":[94,254,349],"were":[100,122],"systematically":[101],"reviewed":[102],"culture.":[109,247,271,354,371],"A":[110],"standard":[111],"search":[112],"strategy":[113],"was":[114],"applied":[115],"19":[118],"relevant":[119],"scales,":[120,190,255],"evaluated":[123],"based":[124],"framework":[127],"16":[129],"criteria":[130],"pertaining":[131],"operationalization":[137,216],"reliability":[143],"identified":[146],"scales.":[147],"Findings":[148],"results":[150,311,356],"show":[151],"with":[155],"validated":[163],"varies":[164],"greatly":[165],"none":[168],"meet":[172],"all":[173],"evaluation":[175,347],"criteria.":[176],"Moreover,":[177],"most":[178],"studies":[181,249],"somewhat":[183],"limited":[184,333],"evidence":[185,205,262,334],"indicating":[191],"room":[192],"for":[193,329,360],"further":[194,261],"improvement.":[195],"Particularly,":[196],"critical":[197,346],"issues":[198],"seem":[199],"be":[201],"lack":[203],"regarding":[206,263],"discriminant":[207],"criterion":[209],"incomplete":[212],"documentation":[213],"process.":[217],"Research":[218],"limitations/implications":[219],"Researchers":[220],"focusing":[221],"human":[224],"factor":[225],"in":[226],"need":[229,250],"reach":[231],"certain":[233],"level":[234,301],"agreement":[236],"essential":[239],"elements":[240],"Future":[248],"build":[252],"address":[256],"their":[257],"limitations":[258],"gain":[260],"Further":[272],"research":[273],"should":[274],"also":[275],"investigate":[276],"quality":[278],"definitions":[280],"make":[282],"expert":[283],"assessments":[284],"content":[287],"fit":[288],"between":[289],"concepts":[290],"items.":[292],"Practical":[293],"implications":[294],"Organizations":[295],"aim":[297],"among":[306],"employees":[307],"can":[308],"use":[309],"this":[313],"systematic":[314],"review":[315],"support":[317],"selection":[319],"adequate":[322],"scale.":[324],"caution":[326],"is":[327,339],"needed":[328],"validation.":[336],"Originality/value":[337],"first":[341],"offers":[344],"decision-making":[358],"value":[359],"researchers":[361],"who":[362],"intend":[363],"conduct":[365],"examinations":[367]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":7},{"year":2024,"cited_by_count":9},{"year":2023,"cited_by_count":10},{"year":2022,"cited_by_count":4},{"year":2021,"cited_by_count":2}],"updated_date":"2026-04-05T17:49:38.594831","created_date":"2025-10-10T00:00:00"}