{"id":"https://openalex.org/W2587847577","doi":"https://doi.org/10.1109/icitst.2016.7856729","title":"Information security policies: A review of challenges and influencing factors","display_name":"Information security policies: A review of challenges and influencing factors","publication_year":2016,"publication_date":"2016-12-01","ids":{"openalex":"https://openalex.org/W2587847577","doi":"https://doi.org/10.1109/icitst.2016.7856729","mag":"2587847577"},"language":"en","primary_location":{"id":"doi:10.1109/icitst.2016.7856729","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icitst.2016.7856729","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2016 11th International Conference for Internet Technology and Secured Transactions (ICITST)","raw_type":"proceedings-article"},"type":"review","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://ro.ecu.edu.au/ecuworkspost2013/2981","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5052161314","display_name":"Mutlaq Alotaibi","orcid":null},"institutions":[{"id":"https://openalex.org/I897542642","display_name":"University of Plymouth","ror":"https://ror.org/008n7pv89","country_code":"GB","type":"education","lineage":["https://openalex.org/I897542642"]}],"countries":["GB"],"is_corresponding":true,"raw_author_name":"Mutlaq Alotaibi","raw_affiliation_strings":["Centre for Security, Plymouth University, Plymouth, UK"],"affiliations":[{"raw_affiliation_string":"Centre for Security, Plymouth University, Plymouth, UK","institution_ids":["https://openalex.org/I897542642"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5033160778","display_name":"Steven Furnell","orcid":"https://orcid.org/0000-0003-0984-7542"},"institutions":[{"id":"https://openalex.org/I99712911","display_name":"Nelson Mandela University","ror":"https://ror.org/03r1jm528","country_code":"ZA","type":"education","lineage":["https://openalex.org/I99712911"]},{"id":"https://openalex.org/I897542642","display_name":"University of Plymouth","ror":"https://ror.org/008n7pv89","country_code":"GB","type":"education","lineage":["https://openalex.org/I897542642"]},{"id":"https://openalex.org/I12079687","display_name":"Edith Cowan University","ror":"https://ror.org/05jhnwe22","country_code":"AU","type":"education","lineage":["https://openalex.org/I12079687"]}],"countries":["AU","GB","ZA"],"is_corresponding":false,"raw_author_name":"Steven Furnell","raw_affiliation_strings":["Centre for Research in Information and Cyber Security, Nelson Mandela Metropolitan University, Port Elizabeth, South Africa","Centre for Security, Plymouth University, Plymouth, UK","Security Research Institute, Edith Cowan University, Perth, Western Australia"],"affiliations":[{"raw_affiliation_string":"Centre for Research in Information and Cyber Security, Nelson Mandela Metropolitan University, Port Elizabeth, South Africa","institution_ids":["https://openalex.org/I99712911"]},{"raw_affiliation_string":"Centre for Security, Plymouth University, Plymouth, UK","institution_ids":["https://openalex.org/I897542642"]},{"raw_affiliation_string":"Security Research Institute, Edith Cowan University, Perth, Western Australia","institution_ids":["https://openalex.org/I12079687"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5029670131","display_name":"Nathan Clarke","orcid":"https://orcid.org/0000-0002-3595-3800"},"institutions":[{"id":"https://openalex.org/I897542642","display_name":"University of Plymouth","ror":"https://ror.org/008n7pv89","country_code":"GB","type":"education","lineage":["https://openalex.org/I897542642"]},{"id":"https://openalex.org/I12079687","display_name":"Edith Cowan University","ror":"https://ror.org/05jhnwe22","country_code":"AU","type":"education","lineage":["https://openalex.org/I12079687"]}],"countries":["AU","GB"],"is_corresponding":false,"raw_author_name":"Nathan Clarke","raw_affiliation_strings":["Centre for Security, Plymouth University, Plymouth, UK","Security Research Institute, Edith Cowan University, Perth, Western Australia"],"affiliations":[{"raw_affiliation_string":"Centre for Security, Plymouth University, Plymouth, UK","institution_ids":["https://openalex.org/I897542642"]},{"raw_affiliation_string":"Security Research Institute, Edith Cowan University, Perth, Western Australia","institution_ids":["https://openalex.org/I12079687"]}]}],"institutions":[],"countries_distinct_count":3,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5052161314"],"corresponding_institution_ids":["https://openalex.org/I897542642"],"apc_list":null,"apc_paid":null,"fwci":9.725,"has_fulltext":false,"cited_by_count":56,"citation_normalized_percentile":{"value":0.97954316,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"352","last_page":"358"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9975000023841858,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/asset","display_name":"Asset (computer security)","score":0.7293033003807068},{"id":"https://openalex.org/keywords/information-security-management","display_name":"Information security management","score":0.7292495965957642},{"id":"https://openalex.org/keywords/information-security-standards","display_name":"Information security standards","score":0.7144490480422974},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.6693688035011292},{"id":"https://openalex.org/keywords/certified-information-security-manager","display_name":"Certified Information Security Manager","score":0.6647052764892578},{"id":"https://openalex.org/keywords/security-information-and-event-management","display_name":"Security information and event management","score":0.6081934571266174},{"id":"https://openalex.org/keywords/security-management","display_name":"Security management","score":0.5609909892082214},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.5599537491798401},{"id":"https://openalex.org/keywords/security-policy","display_name":"Security policy","score":0.5186576247215271},{"id":"https://openalex.org/keywords/promotion","display_name":"Promotion (chess)","score":0.47701501846313477},{"id":"https://openalex.org/keywords/cloud-computing-security","display_name":"Cloud computing security","score":0.4689977169036865},{"id":"https://openalex.org/keywords/security-through-obscurity","display_name":"Security through obscurity","score":0.46232062578201294},{"id":"https://openalex.org/keywords/shadow","display_name":"Shadow (psychology)","score":0.4496062099933624},{"id":"https://openalex.org/keywords/security-convergence","display_name":"Security convergence","score":0.4460415244102478},{"id":"https://openalex.org/keywords/information-security-audit","display_name":"Information security audit","score":0.4337744116783142},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4176666736602783},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.4037303328514099},{"id":"https://openalex.org/keywords/network-security-policy","display_name":"Network security policy","score":0.34456297755241394},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.20895105600357056},{"id":"https://openalex.org/keywords/political-science","display_name":"Political science","score":0.12973281741142273},{"id":"https://openalex.org/keywords/finance","display_name":"Finance","score":0.11753100156784058},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.0870024561882019}],"concepts":[{"id":"https://openalex.org/C76178495","wikidata":"https://www.wikidata.org/wiki/Q4808784","display_name":"Asset (computer security)","level":2,"score":0.7293033003807068},{"id":"https://openalex.org/C148976360","wikidata":"https://www.wikidata.org/wiki/Q1662500","display_name":"Information security management","level":5,"score":0.7292495965957642},{"id":"https://openalex.org/C139547956","wikidata":"https://www.wikidata.org/wiki/Q6031202","display_name":"Information security standards","level":5,"score":0.7144490480422974},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.6693688035011292},{"id":"https://openalex.org/C180823521","wikidata":"https://www.wikidata.org/wiki/Q1662502","display_name":"Certified Information Security Manager","level":5,"score":0.6647052764892578},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.6081934571266174},{"id":"https://openalex.org/C83163435","wikidata":"https://www.wikidata.org/wiki/Q3954104","display_name":"Security management","level":2,"score":0.5609909892082214},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.5599537491798401},{"id":"https://openalex.org/C154908896","wikidata":"https://www.wikidata.org/wiki/Q2167404","display_name":"Security policy","level":2,"score":0.5186576247215271},{"id":"https://openalex.org/C98147612","wikidata":"https://www.wikidata.org/wiki/Q215599","display_name":"Promotion (chess)","level":3,"score":0.47701501846313477},{"id":"https://openalex.org/C184842701","wikidata":"https://www.wikidata.org/wiki/Q370563","display_name":"Cloud computing security","level":3,"score":0.4689977169036865},{"id":"https://openalex.org/C114869243","wikidata":"https://www.wikidata.org/wiki/Q133735","display_name":"Security through obscurity","level":5,"score":0.46232062578201294},{"id":"https://openalex.org/C117797892","wikidata":"https://www.wikidata.org/wiki/Q286363","display_name":"Shadow (psychology)","level":2,"score":0.4496062099933624},{"id":"https://openalex.org/C52420254","wikidata":"https://www.wikidata.org/wiki/Q7445028","display_name":"Security convergence","level":5,"score":0.4460415244102478},{"id":"https://openalex.org/C39358052","wikidata":"https://www.wikidata.org/wiki/Q2578632","display_name":"Information security audit","level":5,"score":0.4337744116783142},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4176666736602783},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.4037303328514099},{"id":"https://openalex.org/C117110713","wikidata":"https://www.wikidata.org/wiki/Q3394676","display_name":"Network security policy","level":4,"score":0.34456297755241394},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.20895105600357056},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.12973281741142273},{"id":"https://openalex.org/C10138342","wikidata":"https://www.wikidata.org/wiki/Q43015","display_name":"Finance","level":1,"score":0.11753100156784058},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.0870024561882019},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.0},{"id":"https://openalex.org/C542102704","wikidata":"https://www.wikidata.org/wiki/Q183257","display_name":"Psychotherapist","level":1,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C94625758","wikidata":"https://www.wikidata.org/wiki/Q7163","display_name":"Politics","level":2,"score":0.0},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/icitst.2016.7856729","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icitst.2016.7856729","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2016 11th International Conference for Internet Technology and Secured Transactions (ICITST)","raw_type":"proceedings-article"},{"id":"pmh:oai:ro.ecu.edu.au:ecuworkspost2013-3984","is_oa":true,"landing_page_url":"https://ro.ecu.edu.au/ecuworkspost2013/2981","pdf_url":null,"source":{"id":"https://openalex.org/S2765015692","display_name":"Australasian Journal of Paramedicine","issn_l":"2202-7270","issn":["2202-7270"],"is_oa":true,"is_in_doaj":false,"is_core":true,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Research outputs 2014 to 2021","raw_type":"text"}],"best_oa_location":{"id":"pmh:oai:ro.ecu.edu.au:ecuworkspost2013-3984","is_oa":true,"landing_page_url":"https://ro.ecu.edu.au/ecuworkspost2013/2981","pdf_url":null,"source":{"id":"https://openalex.org/S2765015692","display_name":"Australasian Journal of Paramedicine","issn_l":"2202-7270","issn":["2202-7270"],"is_oa":true,"is_in_doaj":false,"is_core":true,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Research outputs 2014 to 2021","raw_type":"text"},"sustainable_development_goals":[{"score":0.7099999785423279,"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":36,"referenced_works":["https://openalex.org/W70814120","https://openalex.org/W167647836","https://openalex.org/W201982356","https://openalex.org/W1512740566","https://openalex.org/W1602619638","https://openalex.org/W1992549547","https://openalex.org/W1998157899","https://openalex.org/W2010902645","https://openalex.org/W2026031776","https://openalex.org/W2029518478","https://openalex.org/W2044935933","https://openalex.org/W2071051448","https://openalex.org/W2079037403","https://openalex.org/W2081526168","https://openalex.org/W2083829472","https://openalex.org/W2084035166","https://openalex.org/W2088489410","https://openalex.org/W2105992541","https://openalex.org/W2112601310","https://openalex.org/W2133295470","https://openalex.org/W2141540530","https://openalex.org/W2148404854","https://openalex.org/W2153462231","https://openalex.org/W2171080494","https://openalex.org/W2420107722","https://openalex.org/W2741752736","https://openalex.org/W2796585648","https://openalex.org/W2909520346","https://openalex.org/W4241315909","https://openalex.org/W4246793006","https://openalex.org/W6602780567","https://openalex.org/W6606825232","https://openalex.org/W6608191933","https://openalex.org/W6630747704","https://openalex.org/W6676941101","https://openalex.org/W6681988739"],"related_works":["https://openalex.org/W2741061559","https://openalex.org/W585485619","https://openalex.org/W2015549376","https://openalex.org/W1976878590","https://openalex.org/W2049188895","https://openalex.org/W2483557577","https://openalex.org/W4285782133","https://openalex.org/W2149739119","https://openalex.org/W2555665621","https://openalex.org/W2991148700"],"abstract_inverted_index":{"Organisations":[0],"increasingly":[1],"perceive":[2],"their":[3,31,231],"employees":[4,22,102],"as":[5,23,54,57],"a":[6,88,93,174],"great":[7],"asset":[8],"that":[9,50,68,101,159,220],"needs":[10],"to":[11,30,38,86,127,135,155,169,177,224,233],"be":[12,39,87],"cared":[13],"for;":[14],"however,":[15],"at":[16],"the":[17,26,77,106,140,144,157,204,239],"same":[18],"time,":[19],"they":[20],"view":[21],"one":[24,75,104],"of":[25,64,76,105,110,122,139,147],"biggest":[27],"potential":[28],"threats":[29],"cyber":[32],"security.":[33,114,202],"Employees":[34],"are":[35,52,58,103,130],"widely":[36],"acknowledged":[37],"responsible":[40],"for":[41],"security":[42,72,124,149,171,179,188,193,195,235],"breaches":[43,111],"in":[44,112,167],"organisations,":[45],"and":[46,120,198,200,213,228],"it":[47,97],"is":[48,74,83,98,134,154],"important":[49],"these":[51],"given":[53],"much":[55],"attention":[56],"technical":[59,94],"issues.":[60],"A":[61,151],"significant":[62],"number":[63],"researchers":[65],"have":[66,161,181,208],"argued":[67],"non-compliance":[69],"with":[70,192],"information":[71,113,123,148,170,178,234],"policy":[73,128,180,189,196,236],"major":[78,107],"challenges":[79,142,176],"facing":[80],"organisations.":[81],"This":[82],"primarily":[84],"considered":[85],"human":[89,214],"problem":[90],"rather":[91],"than":[92],"issue.":[95],"Thus,":[96],"not":[99],"surprising":[100],"underlying":[108],"causes":[109],"In":[115],"this":[116,217],"paper,":[117],"academic":[118],"literature":[119],"reports":[121],"institutes":[125],"relating":[126],"compliance":[129,240],"reviewed.":[131],"The":[132],"objective":[133],"provide":[136],"an":[137,162],"overview":[138],"key":[141],"surrounding":[143],"successful":[145],"implementation":[146],"policies.":[150],"further":[152],"aim":[153],"investigate":[156],"factors":[158,205],"may":[160],"influence":[163],"upon":[164],"employees'":[165],"behaviour":[166,207],"relation":[168],"policy.":[172],"As":[173],"result,":[175],"been":[182,209],"classified":[183],"into":[184,211],"four":[185],"main":[186],"groups:":[187],"promotion;":[190],"noncompliance":[191],"policy;":[194],"management":[197],"updating;":[199],"shadow":[201],"Furthermore,":[203],"influencing":[206],"divided":[210],"organisational":[212],"factors.":[215],"Ultimately,":[216],"paper":[218],"concludes":[219],"continuously":[221],"subjecting":[222],"users":[223],"targeted":[225],"awareness":[226],"raising":[227],"dynamically":[229],"monitoring":[230],"adherence":[232],"should":[237],"increase":[238],"level.":[241]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":5},{"year":2023,"cited_by_count":10},{"year":2022,"cited_by_count":9},{"year":2021,"cited_by_count":8},{"year":2020,"cited_by_count":6},{"year":2019,"cited_by_count":10},{"year":2018,"cited_by_count":3},{"year":2016,"cited_by_count":1}],"updated_date":"2026-04-02T15:55:50.835912","created_date":"2025-10-10T00:00:00"}